[Zope] zope rant

Chris McDonough chrism@digicool.com
Mon, 16 Apr 2001 12:53:46 -0400


There is a belief inside DC that security is the domain of the administrator
and therefore setting security info needs nothing other than the web
interface.  I'm sure some folks are going to say "that's nuts!", and
personally I think you're right.

A while ago a put up a proposal on dev.zope.org named ProductRoleManagement,
which proposed to allow Product authors to manipulate roles.  It was
summarily shot down for the abovementioned reason.  But I think what I was
*really* trying to say ;-) was that security management needs an API for
programmatic setting of roles and permissions (other than the current
RoleManager stuff). I think this is a nobrainer, but the questions are:

1.  What is the API?

2.  What is the API's audience?

Things like this are best worked out in the Fishbowl (http://dev.zope.org)
via a proposal.

----- Original Message -----
From: "Tony McDonald" <tony.mcdonald@ncl.ac.uk>
To: <zope@zope.org>
Sent: Monday, April 16, 2001 12:17 PM
Subject: Re: [Zope] zope rant


> On 16/4/01 3:35 pm, "Cees de Groot" <cg@cdegroot.com> wrote:
>
> >, manage security without having to
> > scroll to a couple of hundred K of HTML tables, etcetera?
> >
>
> Cees has a point here regarding the management of security. Does anyone
know
> of any tools available to manage security without using the web interface.
> Does XML-RPC have a role (ho ho) to play here?
>
> Cheers
> Tone.
> --
> Dr Tony McDonald,  Assistant Director, FMCC, http://www.fmcc.org.uk/
> The Medical School, Newcastle University Tel: +44 191 243 6140
> A Zope list for UK HE/FE  http://www.fmcc.org.uk/mailman/listinfo/zope
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>