[Zope] Zope security management

John R. Daily jdaily@progeny.com
Tue, 27 Feb 2001 08:34:46 -0500


> > The first is inadequate because of the lack of control over what
> > permissions are enabled for anonymous users at the root folder. If a
> > particular permission is added to the root folder the next day,
> > anonymous users now have a permission in /private which they should
> > not have.
> 
> How will this permission be added?  Who is defining permissions for your
> site?  Are you talking about permissions defined by products your download
> and install or are you talking about permissions defined by products you
> create?

I'm not sure why this matters. Let me regroup for a moment, and
tell me if I'm mis-understanding the security model.

Within any sub-folder, one can do the following to a given role:

* Inherit the permission for all roles, but override to grant
  permission for this role.
* Inherit the permission for all roles, including this one.
* Do not inherit the permission for all roles, and grant for this
  role.
* Do not inherit the permission, and don't grant.

What's missing is this:

* Inherit the permission for all roles, but override to deny
  permission for this role.

I can't think of any other security system that makes it difficult to
deny access. The only way to deny access at a local level is to
duplicate and tweak the security information from the parent node, and
duplication of information is anathema to manageability.

-John