[Zope3-dev] Re: a note on groups and roles

[Steve Alexander]

Phillip J. Eby wrote:
> At 08:08 AM 3/28/02 +0000, Steve Alexander wrote:
> 
>>> I'm assuming, however, that when you say "protected by a single 
>>> permission" that there is "only one permission which allows access", 
>>> as opposed to "only one permission required".  :)
>>
>>
>> I'm not sure what your distinction is here.
>>
>> I'm certainly not saying "each permission allows access to only one 
>> method".
>
> So you see, once again the mere existence of "sets of permissions" does 
> not give equivalent functionality to roles.
> 
> I find it curious to be in the position, not of arguing for a new 
> feature in Zope, but rather of arguing to prevent the removal of a 
> perfectly good feature which works *very* well for me as it is, is a 
> good conceptual fit for what I need in my applications, was easy to 
> understand and I find easy to explain to other developers.  Quite a 
> novel situtation for me.  :)

Ok, I see what you're saying now.

I think you've misunderstood me (and/or I've been unclear).

What I described in my last email was not meant to be a permissions 
grouping mechanism to replace roles. To the contrary, I would like to 
see both a permissons grouping mechanism, and a roles mechanism in zope 
3. I think roles are really important for building all kinds of systems, 
and I don't want to see them go. Fortunately, Jim has already said on 
this list that roles will be in Zope3, so I'm not concerned about that.

So, the mechanism I described is not meant to replace roles. It is 
merely meant as an aid to managing permissions. Permissions are still 
mapped to users(/principals) via their roles.

--
Steve Alexander