[Zope3-dev] Initial thoughts on the Zope3 security framework
Jim Fulton
jim@zope.com
Tue, 11 Dec 2001 08:57:20 -0500
Martijn Faassen wrote:
>
> Ken Manheimer wrote:
> [snip]
> > I think that, ideally, it's relatively rare to create new roles, while
> > role-to-permission mappings are typically adjusted on a per-product basis,
> > and role-to-account mappings are adjusted (using local roles) on a
> > per-instance basis to assign privileges to particular users within the
> > context of the instance.
>
> While this seems to make sense, it doesn't seem to include the use case
> where I want to close a certain section of the site to anonymous.
I'm not sure exactly what that means.
> Role to permission mappings there don't seem to be adjusted on a per-product
> basis, right?
Only if the permissions affect just that product, which is somewhat
common today.
You will also be able to change the security assertions for a product,
without changing the software. This is probably the tool you want.
Jim
--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org