Thanks for your reply. My confusion is about "object" when it is not a table. For one thing, the appadmin interface seems to force the object to be a table--it is chosen from the drop down box of available tables. Do I have to create a dummy table for each of these permission objects?
Beyond the mechanics, what's the purpose of "object" when it is not a table? Is it an extra level of refinement on the permission system? Elaborating on this example from the book, does a statement like...

auth.add_permission(calculator, 'add', 'number')

say that members of group calculator are allowed to add numbers? Whereas, a statement like...

auth.add_permission(stringers, 'add', 'string')

says that members of group stringers can also add, but strings instead of numbers?

And in both cases, as I understand it, in contrast to the permissions on tables, there is no built-in support to actually enforce these permissions, beyond decorating all my functions correctly.

Tim

