[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security

[webmaster@zope.org]

A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#3-4

---------------

      Once you've been authenticated, Zope determines whether or not you
      have access to the protected resource. This process involves two
      intermediary layers between you and the protected resource,
      *roles* and *permissions*. Users have roles which describe what
      they can do such as "Author", "Manager", and "Editor". Zope
      objects have permissions which describe what can be done with them
      such as "View", "Delete objects", and "Manage properties".

        % Anonymous User - Sep. 22, 2002 1:22 pm:
         Roles classify users? How many roles can a single user have? At any one time?
         Permissions classify object access (attribute read/write+method calls)? Right?