[Zope3-Users] understanding security

Frank Burkhardt fbo2 at gmx.net
Fri Apr 7 10:37:31 EDT 2006


Hi,

On Fri, Apr 07, 2006 at 03:33:28PM +0200, Achim Domma wrote:
> Hi,
> 
> I'm just learning Zope and have a question regarding the security model:
> 
> Do I understand it right, that I do not grant a permission to a principal on a certain 
> object instance? I only grant a permission to use a certain interface!?

You can either grant permissions to principals (or groups/roles) globally. Those permissions
can be used in multiple ways:
   * To protect Views. You can only access views you have permissions for (e.g. <browser:page ...> )
   * To protect attributes/methods of classes (*not objects*) (<class ...><required interface=...>)
   * To define, who is allowed to modify certain attributes (<class ...><required set_schema=...> )

Additionally you may grant permissions (and role memberships) on a per object (*not per class*)
basis ( using e.g. the grant.html-View) which effects only a single object.

Regards,

Frank

PS: @zope-gurus: Please correct me if I'm wrong, I' still learning, too :-)


More information about the Zope3-users mailing list