[Zope] Doing security the right way roles/localroles/permissions

Max M maxmcorp@worldonline.dk
Tue, 25 Sep 2001 19:53:53 +0200


I am building a site for some schools.

It has a structure something like this:

Home

    acl_users/

    class01/

        teacher01/
        teacher02/
        teacher03/
        ...

        student01/
        student02/
        student02/
        ...

    class02/

        ...

Every class is an objectManager, and I give the users a local role of
"manager" for their own area. I do this in dtml as it has to be automated.
Users and such are set up by secretaries, and they should not have to
understand security ti add a student to a class.

But I wonder if it would be smarter to set the permissions directly for
their own areas? Is it dangerous to give them local roles of managers?

What does everybody else do in practice?

regards Max M

Max M. W. Rasmussen,    Denmark.   New Media Director
private: maxmcorp@worldonline.dk work: maxm@normik.dk
-----------------------------------------------------
Shipping software is an unnatural act