[Zope3-dev] Re: role (contextual) services?l

Philipp von Weitershausen philipp at weitershausen.de
Sun Apr 4 05:06:31 EDT 2004 

Roger,

> > I also wonder if you got the concept of roles right. 
> 
> Yes you are right, I don't know if I got the concept right.
> I was thinking of: you can give(grant) roles permissions. And give
> a prinicpal one or more roles. This gives a principal permissions
> (which are granted to the roles).  

Yes, that is correct; however, you're describing the actual process of 
granting a role. I was more trying to explain the abstract concept of roles.

> > Roles are not like 
> > groups, but they represent responsibilities. A user can only 
> > be in one group, but have more than one assigned role. 
> > How would you handle component lookup for a principal that 
> > has several roles?
> 
> Is this right, a user can only be in one group?

Well, that is how *I* define groups, e.g. in a company I have 
departments and an employee is most likely only to be in one department 
(=group), although he might have different responsibilities (=roles) 
within that department.

> In Zope 2 with a User Group Folder you could collect users in groups
> for easy to asign roles(local-group-roles) to a the group and not 
> only to roles to each user.

Well, I didn't say anything about GRUF, did I? I find GRUF a terrible 
workaround for the limitations of Zope2.

> Do we get groups in Zope3?

Out of the box, no. But I'm sure someone will someday provide a security 
policy + principal source that does give us groups. Maybe in addition to 
roles, maybe instead or maybe both. Any takers? *wink*

> What can groups do? Why can a user not be in two or more groups?

It is really up to you how you define groups. I personally would define 
groups as something that I'm physically in, such as a department. But I 
might have to build an application for a customer that requires a 
different concept of groups (you know how customers are ;))...

> Where are more infos about roles and groups?

The roles concept has not changed much since Zope2, so look for infos in 
Zope2 docs (you might also find some on the Zope3 wiki, but I doubt 
that). As for groups, again, it's up to you to define what they and 
their semantics are.

Philipp

More information about the Zope3-dev mailing list