On Fri, Apr 07, 2006 at 03:33:28PM +0200, Achim Domma wrote:
> I'm just learning Zope and have a question regarding the security model:
> Do I understand it right, that I do not grant a permission to a principal on
> a certain
> object instance? I only grant a permission to use a certain interface!?
You can either grant permissions to principals (or groups/roles) globally.
can be used in multiple ways:
* To protect Views. You can only access views you have permissions for (e.g.
<browser:page ...> )
* To protect attributes/methods of classes (*not objects*) (<class
* To define, who is allowed to modify certain attributes (<class
...><required set_schema=...> )
Additionally you may grant permissions (and role memberships) on a per object
(*not per class*)
basis ( using e.g. the grant.html-View) which effects only a single object.
PS: @zope-gurus: Please correct me if I'm wrong, I' still learning, too :-)
Zope3-users mailing list