The security architecture concerns itself with two basic questions: who are you (authentication), and are you allowed to perform this operation (authorization)? Authentication involves determining who the user is, based on an HTTP authentication protocol, and what types of things that user is allowed to do. Authorization, on the other hand, is concerned with the operation on the object: what privileges does this user need to perform this operation? Managing Zope security therefore involves managing both information about users and permissions on objects.
At first this would appear straightforward: just keep a list of users and a list of things they can do. This model, however, would quickly break down as the number of object operations and users grew. Thus, an abstraction is inserted between users and object operations. This abstraction, discussed below, allows users and operations to be generalized.
A fundamental idea in Zope security is that administration should be turned over to others as you traverse the folders in a URL. The administrators at each level can define new administrators below their folder, thus passing the work down the hierarchy. To do this effectively, one must understand the four key components of Zope security: users, roles, permissions, and acquisition.
These concepts will be discussed in more detail in the sections that follow.
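The following sketch is an added illustration, not Zope's own code or API: it models how the four components fit together, with roles sitting between users and permissions and both looked up by walking from a folder toward the root. The names `Folder`, `allowed` and `build_site`, the sample users, and the "nearest definition wins" lookup rule are simplifying assumptions made for this example.

```python
# Simplified model, not Zope's code; Folder, allowed and build_site are hypothetical names.
class Folder:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.users = {}             # user -> roles, defined at this level
        self.permission_roles = {}  # permission -> roles allowed, set at this level

    def _acquire(self, table_name, key):
        """Search this folder, then each parent up to the root; nearest wins."""
        node = self
        while node is not None:
            table = getattr(node, table_name)
            if key in table:
                return table[key]
            node = node.parent
        return set()  # nothing defined anywhere on the path: no roles

    def allowed(self, user, permission):
        """Authorization: does any role of the user carry this permission here?"""
        user_roles = self._acquire("users", user)
        needed = self._acquire("permission_roles", permission)
        return bool(user_roles & needed)


def build_site():
    """Constructed sample hierarchy: root -> sales -> reports, root -> hr."""
    root = Folder("root")
    sales = Folder("sales", root)
    reports = Folder("reports", sales)
    hr = Folder("hr", root)

    # Top-level administrator and site-wide permission settings.
    root.users["admin"] = {"Manager"}
    root.permission_roles["Edit"] = {"Manager", "Editor"}

    # Delegation: the sales administrator and an editor exist only under sales.
    sales.users["alice"] = {"Manager"}
    sales.users["bob"] = {"Editor"}

    # A local override: in reports, editing is restricted to managers.
    reports.permission_roles["Edit"] = {"Manager"}
    return {"root": root, "sales": sales, "reports": reports, "hr": hr}
```

In this model a user defined under `sales` has no roles in `hr` or at the root, so delegated administration stays confined to the subtree where it was granted.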