Previously Jens Vagelpohl wrote:
> Roles are "global". User objects get them assigned upon creation.

Upon creation of what?

> Local roles are only used within the context they are defined in. So
> if user "A" has role "Member" after authenticating at the root in
> /acl_users, and he has a local role "Manager" in /members/A, then
> security validation will recognize him as Member and Manager for all
> items accessed in or underneath /members/A, but only as Member
> everywhere else.

Right.

> If ZODBRoleManager does not "see" global roles added after its
> instantiation then that's a bug.

ZODBRoleManager only adds and updates roles in itself and never in the RoleManager, which suggests that it is meant to take over global role management completely. So I'm thinking that it should either indeed take that role and implement an interface for it, or not and always use __ac_roles__ from the closest containing RoleManager instead of using its internal data structure.

Wichert.

--
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
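
The two designs contrasted in the message above, as an added toy model that is not part of the original email and is not Zope or PluggableAuthService code. The names Container, SnapshotRolePlugin, DelegatingRolePlugin and closest_roles are hypothetical; only the attribute name __ac_roles__ comes from the thread.

```python
# Toy model (constructed for illustration; not Zope or PAS code).

class Container:
    """Stands in for an object that may define roles in __ac_roles__."""
    def __init__(self, parent=None, roles=None):
        self.parent = parent
        if roles is not None:
            self.__ac_roles__ = tuple(roles)


def closest_roles(context):
    """Walk up the containment chain to the nearest __ac_roles__."""
    node = context
    while node is not None:
        roles = getattr(node, "__ac_roles__", None)
        if roles is not None:
            return tuple(roles)
        node = node.parent
    return ()


class SnapshotRolePlugin:
    """Keeps an internal role table, seeded once at instantiation."""
    def __init__(self, container):
        self.container = container
        self._roles = set(closest_roles(container))

    def add_role(self, role_id):
        self._roles.add(role_id)  # recorded in the plugin only

    def known_roles(self):
        return set(self._roles)


class DelegatingRolePlugin(SnapshotRolePlugin):
    """Always reads roles from the closest containing object."""
    def add_role(self, role_id):
        raise NotImplementedError("roles are defined on the container")

    def known_roles(self):
        return set(closest_roles(self.container))


def demo():
    root = Container(roles=("Manager", "Member"))
    snap = SnapshotRolePlugin(Container(parent=root))
    deleg = DelegatingRolePlugin(Container(parent=root))
    root.__ac_roles__ += ("Reviewer",)  # role added after instantiation
    snap.add_role("Editor")             # role added in the plugin only
    return {"snapshot": sorted(snap.known_roles()),
            "delegating": sorted(deleg.known_roles()),
            "container": sorted(root.__ac_roles__)}
```

In this model the snapshot plugin never learns about "Reviewer" and the container never learns about "Editor", so the two role lists drift apart in both directions; the delegating variant has a single source of truth.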