Hi Chris,
in an earlier message, you defended the existence of a separate permission "Access Session Data" (in the CoreSessionTracking proposal) by the following case:
There may be (authenticated) users with (TTF?) scripting rights that should be prevented to screen session data (by withdrawing the "Access Session Data" permission from them).
This will only be effective, when not all users automatically have the "Anonymous" role.
Yes, this was brought up earlier today by someone at DC. I need to think about it more. :-(
Why am I against new permissions? This has partly to do with the current Zope permission management. As soon as you have more than a few products installed and created a few additional roles, permission management becomes a nightmare: it is very difficult to keep the overview with the current unstructured, non-batched permission setting view.
I agree that the current permissions management interface is tough to navigate. I think we should probably fix this instead of limiting features of products because we're worried about cluttering the permissions management interface. That said, I don't know of any initiatives to do so. :-(