[Zope3-dev] Re: a note on groups and roles
Joachim Werner
joe@iuveno-net.de
Mon, 25 Mar 2002 16:33:35 +0100
> > - Roles are really groups of permissions.
>
> No, they aren't.
>
> A role is an application-domain relationship between a user and an
> application--domain object, which *implies* a set of permissions.
>
> IMHO they are a critical, and *non-optional* feature of the Zope security
> model.
But you are not talking about Zope 2 here, are you? In Zope 2, roles
definitely are collections of permissions that are then mapped to users.
Whatever the theoretical background might be ...