[Zope-dev] Security Strangeness

[Chris Withers]

Johan Carlsson wrote:
> First, you can't delegate the permissionto add and delete user except
> by assigning the user the role "manager".
> IMHO this is to limiting.

> Second, if you give a user the permission to Change Persmissions, that
> user can change permissions that she doesn't have the right to manage
> in the first place. In that way she can upgrade here permissions.
> That's no good.

This is a little inflexible isn't it?

Chuck it in the collector I guess... :S

cheers,

Chris