[Zope-CMF] A role to assign local roles.

Adam Fields fields@surgam.net
Mon, 25 Mar 2002 13:32:44 -0500


Lalo Martins says:
> Luca, you have a security problem with your setup. It's very
> simple.
> 
> If you allow Joe and Jane to assign the role "Reviewer" to other
> people, and they don't have that role themselves, then you're
> allowing them to assign this role to themselves. So, in effect
> it's exactly the same situation you'd have if you just gave them
> the roles.

Not exactly. You could allow the HR role to assign roles to some other
subset of users that doesn't include their own account. If you don't
give that HR role permission to create new accounts or change
passwords, it's not the same as giving them the roles they can
assign. It may still be subvertible by other means (social
engineering) - so you'll want to implement good logging and alerts for
questionable accesses. You could also require multiple separate
verifications in order to assign roles with more dangerous
permissions. This is just the sort of thing workflow is supposed to
handle.

> Also, if you allow them to assign *any* role to anyone, they can
> assign "Manager" to themselves and wreak havoc, which defeats
> the point of the whole Zope security machinery.

Well, this is true.
				- Adam

-----
Surgam, Inc. is a technology consulting firm with strong background in
delivering scalable and robust enterprise web and IT applications.
http://www.surgam.net
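The delegated-assignment scheme Adam sketches above (a role that can grant roles only to a subset of users that excludes its own account, a second verifier for dangerous roles, and logging of refused attempts), written out as an added Python model. This is not Zope's own security machinery or anything from the thread; the role names, the two-approver rule and the data structures are assumptions.

```python
"""Delegated local-role assignment policy (added illustration, not Zope code).
Role names, the two-approver rule and all data structures are assumptions."""
from dataclasses import dataclass, field

# Roles whose assignment needs two distinct approvers (assumed policy).
DANGEROUS_ROLES = {"Manager"}


@dataclass
class RoleDelegation:
    """Which roles a delegator may grant, and to which subset of users."""
    grantable_roles: set
    target_users: set


@dataclass
class LocalRoleStore:
    delegations: dict = field(default_factory=dict)  # assigner -> RoleDelegation
    roles: dict = field(default_factory=dict)        # user -> set of roles
    pending: dict = field(default_factory=dict)      # (target, role) -> approvers
    audit_log: list = field(default_factory=list)

    def assign_role(self, assigner, target, role):
        """Grant `role` to `target` on behalf of `assigner`.
        Returns 'granted' or 'pending', or raises PermissionError."""
        delegation = self.delegations.get(assigner)
        if delegation is None or role not in delegation.grantable_roles:
            self._log("DENY", assigner, target, role, "role not delegable")
            raise PermissionError(f"{assigner} may not grant {role}")
        # The point of the thread: the assigner's own account is never in
        # the subset it manages, so the role cannot be granted to oneself.
        if target == assigner or target not in delegation.target_users:
            self._log("DENY", assigner, target, role, "target outside delegated subset")
            raise PermissionError(f"{assigner} may not manage {target}")
        if role in DANGEROUS_ROLES:
            approvers = self.pending.setdefault((target, role), set())
            approvers.add(assigner)  # a set, so one approver cannot count twice
            if len(approvers) < 2:
                self._log("PENDING", assigner, target, role, "awaiting second approver")
                return "pending"
            del self.pending[(target, role)]
        self.roles.setdefault(target, set()).add(role)
        self._log("GRANT", assigner, target, role, "ok")
        return "granted"

    def _log(self, outcome, assigner, target, role, reason):
        # Denied attempts are the "questionable accesses" worth alerting on.
        self.audit_log.append((outcome, assigner, target, role, reason))
```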