[Zope-dev] Moving forward on Zope 2.6

Lennart Regebro lennart@torped.se
Wed, 20 Mar 2002 19:23:08 +0100


From: "Florent Guillaume" <fg@nuxeo.com>
> No no no ! With NUG the Roles added to a group are still added at the
> local role level, which means that the 'bosses' group only has a Boss
> role where you want it.

Yes, of course. But what I was aiming at is that all the Bosses have Boss
right at all the places where the Boss group have rights. There is no way to
differentiate within one group.

> I really think that my model can be used for what you do.

Sure it can. What you have to do is that for each role that you want within
a workgroup you will have to create one group. So if you have ten
departments, and you have five roles within these departments (f ex authors,
reviewers, HR, CR and Bosses), you just create 50 different groups, one
group for each department and role, and assign the permission for each of
these fifty roles at the correct locations in the hierarchy.
In a nightmare scenario, each department should have exclusive access to say
2 areas, and access to one shared area.
This means that you need to do 50*3 = 150 group to roles mappings.

So yes, you can. It's just more work. Just as if this was done without any
groups at all, you would have to add each user to the local roles to each
place. Say 15 users in each department times ten departments is 150 users
times 3 locations gives you 450 separate assignments. No fun.

With workgroups you create ten workgroups. Within each workgrup you assign
users to their respective roles. You then add the workgroups to the correct
places in the hierarchy. It also opens for the possibility to assign
workgroup managers that can create users and add them to their groups
without having any other manager rights (although this could be added later
to make it easier to implement).

> By the way, have you reviewed the use cases for workgroups that I put in
> http://www.zope.org/Members/nuxeo/Products/NuxUserGroups/README.txt ?

Now I have. :-)