Hi, On Fri, Apr 07, 2006 at 03:33:28PM +0200, Achim Domma wrote: > Hi, > > I'm just learning Zope and have a question regarding the security model: > > Do I understand it right, that I do not grant a permission to a principal on > a certain > object instance? I only grant a permission to use a certain interface!?
You can either grant permissions to principals (or groups/roles) globally. Those permissions can be used in multiple ways: * To protect Views. You can only access views you have permissions for (e.g. <browser:page ...> ) * To protect attributes/methods of classes (*not objects*) (<class ...><required interface=...>) * To define, who is allowed to modify certain attributes (<class ...><required set_schema=...> ) Additionally you may grant permissions (and role memberships) on a per object (*not per class*) basis ( using e.g. the grant.html-View) which effects only a single object. Regards, Frank PS: @zope-gurus: Please correct me if I'm wrong, I' still learning, too :-) _______________________________________________ Zope3-users mailing list Zope3email@example.com http://mail.zope.org/mailman/listinfo/zope3-users