My suggestion for splitting the role or allowing an "anyone" or "public" role would
allow "anonymous" to be maintained and used to identify users that are not
authenticated. (This seems to be the norm now for DTML.)
The new role would basically be defined as "ignore all security and allow access".
Placing the alternate User Folder at the root and using hierarchical roles defined at
the root level would make it more manageable, but it would have several drawbacks I
can think of offhand: more complex management, shared security model in virtual
servers, and difficult for newbies to implement security without locking themselves
out of the entire system.
Perhaps a flag for "use security"/"don't use security" on this folder/object would be
I haven't seen this submitted to the Bug Collector yet..
> > ----------
> > From: Chris Withers[SMTP:[EMAIL PROTECTED]]
> Dieter Maurer wrote:
> > In Zope, each user has a set of roles.
> > Any user has the "Anonymous" role. Log-in users may have
> > additional roles.
> I'm not convinced this is true...
> Quoting from the LoginManager CHANGES.TXT file:
> > Generic User Source, like the GenericUserFolder product it was inspired by,
> > gave all users the Anonymous role. This seems to be incorrect according to
> > what other user folders do, including the standard Zope version, so GUS now
> > no longer does this.
> ...which is why Alan experiences this problem. I've also run into it
> just using a normal acl_users folder and I've been mentioning every few
> months since I bumped into it back in March. Here's my original post:
> I wish this could get sorted out as it makes security a nightmare unless
> you use a web of local roles, which is painful and messy to maintain.
> Is there any reason why every user shouldn't have the anonymous role for
> every accessible page/object/thing visitable through a protocol?
Zope maillist - [EMAIL PROTECTED]
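The disagreement in this thread, as an added example that is not part of the original messages and is not Zope code: a minimal Python model of a role check, comparing "every user implicitly has Anonymous" with "only unauthenticated users have Anonymous", plus the proposed bypass role. The names `PUBLIC`, `effective_roles`, `allowed` and `access_matrix`, and the sample users, are assumptions made for illustration.

```python
ANONYMOUS = "Anonymous"
PUBLIC = "Public"  # hypothetical name for the proposed "anyone"/"public" role

# Constructed sample users: name -> (assigned roles, is_authenticated)
USERS = {
    "visitor": ((), False),
    "member": (("Member",), True),
    "manager": (("Manager",), True),
}

def effective_roles(assigned, authenticated, implicit_anonymous):
    """Roles a request carries under the chosen Anonymous semantics."""
    roles = set(assigned)
    # Unauthenticated requests always carry Anonymous; logged-in users
    # carry it only if the user folder grants it implicitly.
    if not authenticated or implicit_anonymous:
        roles.add(ANONYMOUS)
    return roles

def allowed(object_roles, assigned, authenticated, implicit_anonymous):
    """True if the request may access an object restricted to object_roles."""
    if PUBLIC in object_roles:
        return True  # proposed role: skip the role check entirely
    held = effective_roles(assigned, authenticated, implicit_anonymous)
    return bool(held & set(object_roles))

def access_matrix(object_roles, implicit_anonymous):
    """Access decision for every sample user against one object."""
    return {
        name: allowed(object_roles, assigned, authenticated, implicit_anonymous)
        for name, (assigned, authenticated) in USERS.items()
    }

if __name__ == "__main__":
    for implicit in (False, True):
        print("implicit Anonymous:", implicit)
        for object_roles in ({ANONYMOUS}, {PUBLIC}, {"Manager"}):
            print("  ", sorted(object_roles), access_matrix(object_roles, implicit))
```

Without the implicit grant, an object opened only to Anonymous rejects logged-in users unless their roles are added to it as well; with the bypass role, Anonymous stays usable as a marker for unauthenticated requests.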