On Tue, 22 May 2001, Astheimer, David (GXS) wrote:
Which permission is required to allow a person to add/change/delete items in the standard User Folder? Granting the manager role to a person seems to do the trick. However, I'd like to open the User Folder to "lesser admins" who do not need full manager rights, but do need to add folks and dole out roles.
Don't you see a trap here? :) See, your "lesser mnager" can add users. Well, she adds a user... with mnagement rights! And immediatly login as this user!!! If a person can mange users, she can get manager rights. So why not give them anyway, without forcing them to cheat? :) To developer: IWBN if the user who can add users would allowed to set roles not higher than its own roles, wouldn't it? Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.