Doing security the right way roles/localroles/permissions
I am building a site for some schools. It has a structure something like this:

Home
    acl_users/
    class01/
        teacher01/
        teacher02/
        teacher03/
        ...
        student01/
        student02/
        student02/
        ...
    class02/
    ...

Every class is an objectManager, and I give the users a local role of "manager" for their own area. I do this in dtml as it has to be automated. Users and such are set up by secretaries, and they should not have to understand security to add a student to a class.

But I wonder if it would be smarter to set the permissions directly for their own areas? Is it dangerous to give them local roles of managers?

What does everybody else do in practice?

regards Max M

Max M. W. Rasmussen, Denmark. New Media Director
private: maxmcorp@worldonline.dk work: maxm@normik.dk
-----------------------------------------------------
Shipping software is an unnatural act
On Tue, 25 Sep 2001 19:53:53 +0200, "Max M" <maxmcorp@worldonline.dk> wrote:
Every class is an objectManager, and I give the users a local role of "manager" for their own area. I do this in dtml as it has to be automated. Users and such are set up by secretaries, and they should not have to understand security to add a student to a class.
But I wonder if it would be smarter to set the permissions directly for their own areas? Is it dangerous to give them local roles of managers?
What does everybody else do in practice?
Setting a local role is the right way to express that relationship between the person and their area. However, you might want to look at the permissions associated with the manager 'Manager'; I suspect you didn't intend for users to be able to create new user accounts, even if those new accounts would only be valid within their area.

It might be better to create a new role with exactly the permissions that you want to give out (but still allocating it as a local role). Exactly what you call this role depends on what users will be doing in this area..... I often find the standard 'Owner' role expresses the right relationship.

Toby Dickenson tdickenson@geminidataloggers.com
participants (2): Max M, Toby Dickenson
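The approach in the reply above (a purpose-built role, handed out as a local role), as an added example that is not part of the original thread. It calls Zope's RoleManager methods `valid_roles`, `_addRole`, `manage_role`, `get_local_roles_for_userid` and `manage_setLocalRoles` on the class folder; the role name `ClassMember`, its permission list and the blocked-permission list are assumptions.

```python
# Added example, not code from the thread. `folder` is a Zope folder
# (ObjectManager) such as class01; only RoleManager methods are called on it.

# Permissions that 'Manager' carries and that the reply warns against
# handing out (assumed list; extend it to match your own policy).
ACCOUNT_PERMISSIONS = {"Manage users", "Add User Folders", "Change permissions"}

# Hypothetical role name and permission set for a class area.
CLASS_ROLE = "ClassMember"
CLASS_PERMISSIONS = [
    "View",
    "Access contents information",
    "View management screens",
    "Add Documents, Images, and Files",
    "Delete objects",
]


def grant_class_area(folder, userid, role=CLASS_ROLE,
                     permissions=CLASS_PERMISSIONS):
    """Define `role` on `folder` with exactly `permissions`, then give it to
    `userid` as a local role on that folder. Returns the user's local roles."""
    risky = ACCOUNT_PERMISSIONS.intersection(permissions)
    if risky:
        # Fail closed: never create a role that can manage accounts or
        # rewrite the permission settings of the area.
        raise ValueError("refusing to grant: %s" % ", ".join(sorted(risky)))

    # Create the role on this folder if it is not already defined here
    # or acquired from a parent.
    if role not in folder.valid_roles():
        folder._addRole(role)

    # Map the role to the listed permissions on this folder.
    folder.manage_role(role, permissions=list(permissions))

    # Keep any local roles the user already holds here, add ours once.
    local_roles = list(folder.get_local_roles_for_userid(userid))
    if role not in local_roles:
        local_roles.append(role)
    folder.manage_setLocalRoles(userid, local_roles)
    return local_roles
```

Inside Zope this would be called once per user and class folder, for instance from the automated step the secretaries trigger when they add a student.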