28 Feb
2001
28 Feb
'01
10:18 a.m.
"John R. Daily" <jdaily@progeny.com> writes:
Within any sub-folder, one can do the following to a given role: <snip> What's missing is this: <snip> I can't think of any other security system that makes it difficult to deny access. The only way to deny access at a local level is to duplicate and tweak the security information from the parent node, and duplication of information is anathema to manageability.
I agree with John that this is a weakness in the current system. I have often found myself wishing for something like tri-state checkboxes (grant/deny/don't care). Would it be correct to say this is not a limitation of the zope security model, but a user interface issue ? -Simon