[Zope-CMF] permissions/roles

Sally Owens sowens@brookes.ac.uk
Tue, 04 Feb 2003 17:05:51 +0000


Apologies if this is something that has been covered on this list (I've 
only just joined but a quick glance at the archives didn't answer my 
question)...

We want to create a user role of 'Web Manager' in our CMF site and we want 
this user to be able to create new users but only new users *with a 
particular role* i.e. we don't want someone in a 'Web Manager' role to be 
able to create a new user and assign them the role of 'Manager', but we do 
want them to be able to assign the role of 'Web Editor' to a new user (the 
web editor role has fairly limited permissions).

This is really a question about devolving responsibility I guess. We don't 
want to have to set up every new user and assign them a role - we want web 
managers to be able to set up users (for their team), but not for them to 
be able to set up very powerful user roles for these users. Is there a way 
of either restricting a permission (so that the permission to add a new 
user could be restricted to only allow the creation of users with certain 
roles) or an easy way of adding a new permission to the security tab list 
(so that we could have some sort of 'create a new Web Editor user' permission)?

All advice gratefully appreciated!

Sally