[Zope3-dev] Re: a note on groups and roles
Phillip J. Eby
pje@telecommunity.com
Wed, 27 Mar 2002 22:27:26 -0500
At 01:29 PM 3/27/02 +0000, Steve Alexander wrote:
>Steve Alexander wrote:
>>Florent Guillaume wrote:
>>
>>>- Permissions, groups of permissions (which are still permissions),
>>
>>One important thing about permissions is that an attribute of an object
>>is protected by a permission.
>>I can't think of any use-case where an attribute of an object needs to be
>>protected by a group of permissions.
>
>Actually, I need to modify that a little bit:
>
> A method needs to be protected by a single permission.
>
> A read-only attribute needs to be protected by a single permission.
>
> A read-write attribute (if we have these) would be protected by two or
> three single permissions.
>
>
>This doesn't change what I'm basically trying to say, though.
It seems to me that this could lead to a proliferation of extremely
fine-grained permissions, which are then managed by higher-level permissions.
I'm assuming, however, that when you say "protected by a single permission"
that there is "only one permission which allows access", as opposed to
"only one permission required". :)