[Zope] Re: [Zope3-dev] a note on groups and roles
Jim Fulton
jim@zope.com
Mon, 25 Mar 2002 10:20:50 -0500
Lennart Regebro wrote:
>
...
> In any case:
> There are a lot of permissions in a Zope system. When adding some more
> products, you get even more permissions.
I think we'll address this in two ways in Zope 3:
- We'll make it possible to build sites with few permissions by putting
permission definition under the site manager's control. Many sites would
be better served by coarse-grained permissions.
- For sites that need fine-grained permissions, we'll provide a mechanism
for grouping permissions in the UI. See for example:
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/GroupingPermissions
> Roles are a grouping of permissions,
Somehow, I really don't like describing roles this way. Roles are principal
responsibilities. Principal responsibilities require certain permissions.
> and is necessary to make the permission system manageable. If
> you each time you need to locally change the permission settings for a group
> of a person have to wade through 30-40 permissions and remember exactly what
> each of them does, you will only end up with giving most people the rights
> to do almost everything.
Yup.
> The only problem with the Roles system is that people over and over again
> mistake it for usergroups, since they are expecting usergroups. This can be
> fixed by having some type of usergroups in addition to the roles. Then
> people won't think roles are usergroups, read the documentation and see the
> light. Besides, some type of user grouping is necessary.
I agree.
> Also, the Anonymous and Authorized roles should be removed, because these
I think you meant "Authenticated"?
> are not proper roles, and may add to the confusion of roles and groups.
Hm, from a conceptual point of view, this is a very good point.
> Anonymous should be a built-in and non-removable principal.
It is a group that includes all other principals.
> If it helps to
> clear up the roles concept, maybe some other roles like "Author", "Viewer"
> or "Member" should be created by default. But "Authorized" is a state, not a
> role.
Perhaps it should be viewed as a group that all principals with any
credentials are in. Perhaps it's just a concept that should be left
to specific authentication services.
> > FWIW, relatedly, I don't understand the use of the term "principal"
> > instead of "user" for the "entity with credentials" in Zope 3.
>
> Neither do I.
Really? Even after reading:
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/SecurityFramework
Jim
--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
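An added example, not part of the thread and not Zope code, that models the distinction being argued above: groups (including the implicit Anonymous and Authenticated ones) are sets of principals, roles are bundles of permissions tied to a responsibility, and a check resolves principal to groups to roles to permissions. All principal, group, role and permission names are constructed for illustration.

```python
"""Toy model of the principal / group / role / permission split.
Constructed example; the names below are assumptions, not Zope's."""

# A role bundles the permissions one responsibility needs. A role is not a
# set of people; it is what a principal needs in order to do a job.
ROLE_PERMISSIONS = {
    "Viewer": {"View"},
    "Author": {"View", "Add Documents", "Edit Documents"},
    "Manager": {"View", "Add Documents", "Edit Documents", "Manage Settings"},
}

# Explicit user groups: sets of principals, with no permissions of their own.
GROUP_MEMBERS = {
    "editors": {"alice", "bob"},
}

# Roles granted to a principal or to a group, keyed by that name.
# "Anonymous" is treated as a group containing every principal.
ROLE_GRANTS = {
    "editors": {"Author"},
    "carol": {"Manager"},
    "Anonymous": {"Viewer"},
}


def groups_of(principal):
    """Groups a principal is in, including the two implicit groups:
    Anonymous (everyone) and Authenticated (everyone with credentials).
    `None` models a request that presented no credentials."""
    groups = {"Anonymous"}
    if principal is not None:
        groups.add("Authenticated")
        groups.update(g for g, members in GROUP_MEMBERS.items()
                      if principal in members)
    return groups


def roles_of(principal):
    """Roles held directly plus roles inherited through group membership."""
    roles = set(ROLE_GRANTS.get(principal, set())) if principal else set()
    for group in groups_of(principal):
        roles |= ROLE_GRANTS.get(group, set())
    return roles


def permissions_of(principal):
    """Permissions follow only from roles, never from a group directly."""
    perms = set()
    for role in roles_of(principal):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def check_permission(principal, permission):
    return permission in permissions_of(principal)
```

Granting "Authenticated" a role would be done the same way as "Anonymous" here, which is what makes it a group rather than a role in this model.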