[Zope-dev] CoreSessionTracking - "Access Session Data" permission

Chris McDonough chrism@digicool.com
Tue, 3 Oct 2000 19:47:20 -0400


> Hi Chris,
>
> in an earlier message, you defended the existence of a
> separate permission "Access Session Data" (in the
> CoreSessionTracking proposal) by the following
> case:
>
> There may be (authenticated) users with
> (TTF?) scripting rights that should be prevented
> from screening session data (by withdrawing
> the "Access Session Data" permission from
> them).
>
> This will only be effective when not all users automatically
> have the "Anonymous" role.

Yes, this was brought up earlier today by someone at DC.  I need to think
about it more.  :-(

> Why am I against new permissions?
> This has partly to do with the current Zope permission management.
> As soon as you have more than a few products installed and
> created a few additional roles, permission management becomes
> a nightmare: it is very difficult to keep the overview
> with the current unstructured, non-batched permission setting
> view.

I agree that the current permissions management interface is tough to
navigate.  I think we should probably fix this instead of limiting features
of products because we're worried about cluttering the permissions
management interface.  That said, I don't know of any initiatives to do so.
:-(