[Zope] role, user defined roles, and inclusion

Chris Withers chris at simplistix.co.uk
Wed Mar 30 02:31:13 EST 2005


Hi Dennis,

Dennis Allison wrote:
> Are the standard roles (anonymous, authorized_user, manager) inclusive?  
> By inclusive I mean that an authorized_user is also treated as an
> anonymous_user and that a manager is also anonymous and an
> authorized_user.  

Anonymous and Authenticated are two special roles.

A user will have the Anonymous role iff they have not supplied any 
authentication credentials.

A user will have the Authenticated role iff they HAVE supplied 
authentication credentials.

A user will never have Authenticated and Anonymous roles at the same time.

For all other roles, the user has those roles or not. Having or not 
having a role has no effect on having or not having any other role.

The permissions a user has is the logical OR of all the permissions 
mapped to all the roles the user has.

eg:
         Anonymous  Authenticated Manager Wizard
BeAnon  x
View    x          x             x
Change             x
Delete                           x
Magik                                    x

So, the anonymous user can view things, and is the only user who can BeAnon
A manager can View and Delete things, they can also Change things by way 
of their being authenticated.
A person with only the Wizard role will be able to do Magik as well as 
change and view things by way of being authenticated.
A user with Manager and Wizard roles will be able to view, change, 
delete and do magik, but even that magik won't allow them to BeAnon ;-)

HTH,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk



More information about the Zope mailing list