I've found that it would be very useful to be able to define groups of users and then grant a local role to that group rather than individual users. For example we have multiple groups working together on our Zope installation and there are certian objects my group may want to share with another group. We can grant all the members of that group permission, however if they hire someone new they have to notify the maintainers of every object their group has access to. Are there plans for anything to solve this problem? The idea implementation I see would be a centralized group management system (maybe in the control panel) and then ability to grant roles to the group. But this would require changing core pieces of Zope. Any ideas on implementation? --Brian Brinegar ECN Web Technician MSEE 104 A 494-3106 http://www.geeksoft.net/
Have a look at http://www.zope.org//Wikis/DevSite/Proposals/LocalRolesRevamp for one proposal related to this. brian.r.brinegar.1 <brinegar@purdue.edu> wrote:
I've found that it would be very useful to be able to define groups of users and then grant a local role to that group rather than individual users.
Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com
On Tue, 11 Dec 2001 13:43:45 -0500 (EST):
I've found that it would be very useful to be able to define groups of users and then grant a local role to that group rather than individual users.
A role is essentially a group. Granting a local grouping (role) to a group doesn't make any sense to me.
For example we have multiple groups working together on our Zope installation and there are certian objects my group may want to share with another group. We can grant all the members of that group permission, however if they hire someone new they have to notify the maintainers of every object their group has access to.
Are there plans for anything to solve this problem?
Make two roles. Assign those roles the permissions you want them to have. Assign people in your groups to have the roles. Am I missing some strange requirement? --kyler
Kyler@Lairds.com wrote:
On Tue, 11 Dec 2001 13:43:45 -0500 (EST):
I've found that it would be very useful to be able to define groups of users and then grant a local role to that group rather than individual users.
A role is essentially a group.
I think the general consensus is that a role is not essentially a group although the two can be easily confused ;-) cheers, Chris
On Sun, 16 Dec 2001 14:21:04 +0000:
Kyler@Lairds.com wrote:
On Tue, 11 Dec 2001 13:43:45 -0500 (EST):
I've found that it would be very useful to be able to define groups of users and then grant a local role to that group rather than individual users.
A role is essentially a group.
I think the general consensus is that a role is not essentially a group although the two can be easily confused ;-)
If you have a role, you're in a group - the group of all people with that role. My apologies for having included the world in my reply. I was thinking that I was replying to a more limited group. --kyler
A role is essentially a group.
I think the general consensus is that a role is not essentially a group although the two can be easily confused ;-)
If you have a role, you're in a group - the group of all people with that role.
My apologies for having included the world in my reply. I was thinking that I was replying to a more limited group.
You must have used the wrong role ;)
On Sunday 16 December 2001 09:21 am, Chris Withers allegedly wrote:
Kyler@Lairds.com wrote:
On Tue, 11 Dec 2001 13:43:45 -0500 (EST):
I've found that it would be very useful to be able to define groups of users and then grant a local role to that group rather than individual users.
A role is essentially a group.
I think the general consensus is that a role is not essentially a group although the two can be easily confused ;-)
cheers,
Chris
I think that the key difference is that: - A role is a collection of permissions. - A group is a collection of users and possibly other groups. That said, many systems allow you to assign permissions to groups and directly to users, something Zope currently does not support. Something like groups makes it simpler to affect whole lumps of users all at once. Roles can also be used to acheive a similar goal, but since they are more about bundling permissions than users, and they are often location specifc, they are less than ideal for this purpose. /---------------------------------------------------\ Casey Duncan, Sr. Web Developer National Legal Aid and Defender Association c.duncan@nlada.org \---------------------------------------------------/
participants (6)
-
brian.r.brinegar.1 -
Casey Duncan -
Chris Withers -
Florent Guillaume -
Kyler@Lairds.com -
Steve Drees