> Hi Chris,
> in an earlier message, you defended the existence of a
> separate permission "Access Session Data" (in the
> CoreSessionTracking proposal) by the following
> case:
> There may be (authenticated) users with
> (TTF?) scripting rights that should be prevented
> to screen session data (by withdrawing
> the "Access Session Data" permission from
> them).
> This will only be effective, when not all users automatically
> have the "Anonymous" role.

Yes, this was brought up earlier today by someone at DC.  I need to think
about it more.  :-(

> Why am I against new permissions?
> This has partly to do with the current Zope permission management.
> As soon as you have more than a few products installed and
> created a few additional roles, permission management becomes
> a nightmare: it is very difficult to keep the overview
> with the current unstructured, non-batched permission setting
> view.

I agree that the current permissions management interface is tough to
navigate.  I think we should probably fix this instead of limiting features
of products because we're worried about cluttering the permissions
management interface.  That said, I don't know of any initiatives to do so.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to