On 19 Jan 2006, at 22:55, Wichert Akkerman wrote:
Currently adding roles through a RoleManager breaks ZODBRoleManager:
it reads a list of all roles when it created and assumes they do not
change after that. If you add a new role you can do that through
a RoleManager directly, but ZODBRoleManager will not notice and
Can someone enlighten me as to how roles and local roles really
and why every folder has both?
Roles are "global". User objects get them assigned upon creation.
Local roles are only used within the context they are defined in. So
if user "A" has role "Member" after authenticating at the root in /
acl_users, and he has a local role "Manager" in /members/A, then
security validation will recognize him as Member and Manager for all
items accessed in or underneath /members/A, but only as Member
If ZODBRoleManager does not "see" global roles added after its
instantiation then that's a bug.
Zope-PAS mailing list