[Zope] adding roles
Dieter Maurer
dieter@handshake.de
Fri, 20 Dec 2002 21:29:12 +0100
martin f krafft writes:
> Can I add more roles than Manager and Owner?
You can, as much as you like. Its at the end of the "Security" page.
> Also, where can I find the description of their powers? Or is Manager
> simply the superuser for all objects and Owner the superuser for
> objects owned by oneself?
A role does not have any built in power (with the exception of "Manager"
which, by default, has any permission).
You associate roles with users (which means that the user can act in
the role).
You map permissions to roles (which means that the role has the permission).
You protect methods by permissions.
User "u" can call method "m" protected by permission "p"
when "u" has a role "r" associated with permission "p".
(There is another quirk to prevent Trojan horse attacks, but read
about that in the Zope Developer Guide).
The "Owner" role has no built in power but is automatically
mapped as a "local role" (--> Zope Book, Zope Developer Guide)
to the creator of an object.
Dieter