[Zope] uses, roles and groups

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Tue, 21 Dec 1999 10:21:20 +1100 (EST) 

On Fri, 17 Dec 1999, Oliver Frommel wrote:

> > > an editor role) dependent on the user belonging to a certain group.
> > > AFAIK none of the products USerDB, GUF oder etcUserFolder provides hooks for
> > > this.
> > 
> > A role *is* a group. You grant arbitrary priviledges to a role, and all 
> > users with that role (members of that group) will also get those privs.
> >
> 
> well, in principle it isn't I think. However you sure can use roles for 
> emulating some kind of group paradigm. Having a group e.g. for certain
> folders would not need more than one role for all of them.

If you define the role in a higher folder, it flows down. If you
define your roles in the Zope root folder, then they function exactly
like Unix or Netware groups. They would also function exactly like NT groups
if role membership could be nested.

I define all my users using one acl_users folder. All users have the
'authenticated user' role. They are members of this role throughout my
entire site, and I only added the role once to the top of my tree.

> If I try what you suggest, what's a good way to create a new role when I
> create a new subfolder? e.g. I have a DTML method for creating new
> departments' folders, therefor I need to create a new group for each of those
> with the same set of permissions ..

If you want to define new roles, use manage_defined_roles defined
in the RoleManager base class (lib/python/AccessControl/Role.py).
You can call this method on either the folder you have just created,
or one of its PARENT folders depending on where you want this role
to be visible. If you don't have many roles, you can just define them
all in your root container (but if you have larger numbers of roles, your
management screens get cluttered, so you define them only in the
trees you need them).

-- 
 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen