[Zope] Zope security management

[John R. Daily]

> Yes, as you can already get what you want:
> 
>   When you uncheck the acquire checkbox, you can explicitly
>   control (locally) which roles have the respective permission
>   independant of any setting higher up in the hiararchy.
> 
>   Thus, your third state is not locally at each cell but
>   sticks to a complete permission role.

That is precisely what is wrong with the model. To achieve manageable
and genuine security, I want to acquire _all_ permissions and
specifically deny those roles to which the inherited permissions may
not be correct.

-John