Dieter Maurer wrote:
>  > > In Zope, each user has a set of roles.
>  > > Any user has the "Anonymous" role. Log-in users may have
>  > > additional roles.
>  >
>  > I'm not convinced this is true...

> The Content Manager Guide (Security, Authorization) states it
> this way:
>   The "Anonymous" role, which all users have implicitly, ....

...and check out the last time the Content Manager's Guide was updated

Seriously, though, I think this SHOULD be true, although I'm pretty sure
it isn't.

> This is natural, too.
> Why should a registered user have
> less authorization than an anonymous one.

Or, to put it another way, just because an acl_users folder doesn't know
anything about a user, why should that user not have the anonymous role?

> Thus, two reasons to change the Zope authorization, such
> that each user has implicitely the "Anonymous" role,
> if this is not the case now.

I totally agree :-)


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to