[Zope-CMF] A role to assign local roles.

Adam Fields fields@surgam.net
Mon, 25 Mar 2002 14:06:23 -0500


Lalo Martins says:
> > Not exactly. You could allow the HR role to assign roles to some other
> > subset of users that doesn't include their own account.
> 
> If they're really malicious, they could work in conjunction with
> other people - say, give "Manager" to Fred and then have Fred
> give "Manager" to them.

True. Notwithstanding the fact that I was not talking about the
Manager role here (as that was mentioned later as being probably too
much power to give them), this is exactly the sort of thing I meant
when I said it could still be subverted through social engineering. In
any event, any time you grant the power to do anything, you have to
either trust that it won't be abused, keep an eye on it, or decide
that you don't actually want to grant that power.

> But the (IMHO) more dangerous situation is where they're not
> malicious. They could assign "Manager" to Fred by accident,
> perhaps because he is a Manager in the company and they
> momentarily forgot what the role "Manager" means. Or
> something.

True. Multiple verifications would ameliorate this somewhat. Even
better would be a front-end that doesn't let the user pick underlying
roles, but instead pick the actual role describing the user ("Manager
in the Company", "Supervisor", whatever) and have the system figure
out what actual roles they get based on that.

> Personally I think it's simpler and safer to give them the roles
> they'll be assigning.

Not if you don't actually want them to have those permissions.
				- Adam

-----
Surgam, Inc. is a technology consulting firm with a strong background in
delivering scalable and robust enterprise web and IT applications.
http://www.surgam.net
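The scheme Adam sketches (a front-end that lets the delegate pick a business title rather than an underlying role, with no self-assignment and a second verification before anything changes) as an added toy model; this is example code written for this page, not Zope or CMF code, and the business titles, role names other than "Manager", and user ids are constructed for illustration:

```python
from dataclasses import dataclass, field

# Business titles the front-end offers, mapped to the concrete roles the
# system grants. Titles and roles here are constructed for the example;
# "Manager" deliberately appears on no right-hand side.
BUSINESS_ROLE_MAP = {
    "Staff": {"Author"},
    "Supervisor": {"Author", "Reviewer"},
    "Manager in the Company": {"Author", "Reviewer", "Owner"},
}

# Concrete roles a delegate may never hand out, even via a misconfigured map.
FORBIDDEN_ROLES = {"Manager"}


@dataclass
class RoleStore:
    """Local roles plus a queue of requests awaiting a second verification."""
    local_roles: dict = field(default_factory=dict)  # user -> set of roles
    pending: dict = field(default_factory=dict)      # request key -> requester

    def request(self, actor, target, title):
        """The delegate picks a business title for a user; nothing is granted yet."""
        if actor == target:
            raise PermissionError("a delegate may not change their own roles")
        if title not in BUSINESS_ROLE_MAP:
            raise ValueError(f"unknown business title {title!r}")
        if BUSINESS_ROLE_MAP[title] & FORBIDDEN_ROLES:
            raise PermissionError(f"{title!r} would grant a forbidden role")
        self.pending[(actor, target, title)] = actor

    def approve(self, approver, actor, target, title):
        """A different person confirms the request; only now do roles change."""
        key = (actor, target, title)
        if key not in self.pending:
            raise KeyError("no such pending request")
        if approver in (actor, target):
            raise PermissionError("approver must be neither requester nor target")
        del self.pending[key]
        granted = self.local_roles.setdefault(target, set())
        granted |= BUSINESS_ROLE_MAP[title]
        return frozenset(granted)


if __name__ == "__main__":
    store = RoleStore()
    store.request("hr_alice", "fred", "Supervisor")
    print(store.approve("hr_bob", "hr_alice", "fred", "Supervisor"))
```

The delegate never sees or chooses "Manager", and the collusion case from the thread still needs a third party to approve, which is the point of the second verification.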