On Fri, Apr 07, 2006 at 03:33:28PM +0200, Achim Domma wrote:
> Hi,
> I'm just learning Zope and have a question regarding the security model:
> Do I understand it right, that I do not grant a permission to a principal on 
> a certain 
> object instance? I only grant a permission to use a certain interface!?

You can either grant permissions to principals (or groups/roles) globally. 
Those permissions
can be used in multiple ways:
   * To protect Views. You can only access views you have permissions for (e.g. 
<browser:page ...> )
   * To protect attributes/methods of classes (*not objects*) (<class 
...><required interface=...>)
   * To define, who is allowed to modify certain attributes (<class 
...><required set_schema=...> )

Additionally you may grant permissions (and role memberships) on a per object 
(*not per class*)
basis ( using e.g. the grant.html-View) which effects only a single object.



PS: @zope-gurus: Please correct me if I'm wrong, I' still learning, too :-)
Zope3-users mailing list

Reply via email to