[Zope3-dev] Re: a note on groups and roles
Florent Guillaume
fg@nuxeo.com
Wed, 27 Mar 2002 13:14:33 +0000 (UTC)
Okay, I'm now seeing the light wrt roles.
Here's how I see the concepts now:
- Principals, groups of principals (which are still principals),
- Permissions, groups of permissions (which are still permissions),
- Roles, which are distinguished (groups of) permissions, and
probably managed differently,
- Mappings (placeful ones) between principals an *roles*,
- Nonlocal definition of those mappings if needed.
This means that roles are a mandatory intermediary in the mapping
between principals and permissions.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com