OTOH Anonymous and Authenticated really shouldn't be roles but groups, and indeed in CPS we have special groups representing Anonymous and Authenticated. That makes things *much* more orthogonal, and local roles (local group roles actually) can be used with them to assign rights. But I digress.
I find the distinction between roles and groups to be useless ;-)
Simplistix - Content Management, Zope & Python Consulting
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce