Dieter Maurer wrote:
In Zope, each user has a set of roles. Any user has the "Anonymous" role. Log-in users may have additional roles.
I'm not convinced this is true...
The Content Manager Guide (Security, Authorization) states it this way:
The "Anonymous" role, which all users have implicitly, ....
...and check out the last time the Content Manager's Guide was updated ;-) Seriously, though, I think this SHOULD be true, although I'm pretty sure it isn't.
This is natural, too. Why should a registered user have less authorization than an anonymous one.
Or, to put it another way, just because an acl_users folder doesn't know anything about a user, why should that user not have the anonymous role?
Thus, two reasons to change the Zope authorization, such that each user has implicitely the "Anonymous" role, if this is not the case now.
I totally agree :-) Chris