At 10:06 PM 3/24/02 +0000, Florent Guillaume wrote: > - Roles are really groups of permissions. No, they aren't. A role is an application-domain relationship between a user and an application--domain object, which *implies* a set of permissions. IMHO they are a critical, and *non-optional* feature of the Zope security model.