Wichert Akkerman <[EMAIL PROTECTED]> writes:
> Use a dynamic group.
>
> Wichert.

Wichert,

Thanks for the response. I can see where there's some similarity in the notion of adding a role to a user dynamically and adding a user to a group dynamically, assuming that the group has the requisite roles. But my problem (and maybe I wasn't clear about this before) is that the condition that determines access is based on both an external condition and an attribute of the object itself, which is why I was trying to make this work with local roles. I didn't think that the object was available from the role or group plugins, but if I'm wrong, please let me know.

Actually, maybe I should rephrase my problem, and see if you have a suggestion. Basically, I need to set up a security model such that access to a given object requires a combination of "roles". For example, I might have an object that would be labeled "Alpha", "Beta", "Gamma", and a user must possess, at a minimum, all three roles to be able to see the object. I could implement this with 2**n - 1 roles, so I would have 7 roles and a separate workflow state for each role - not too bad. The problem is one of scale - if I have 6 labels, I end up with 63 workflow states. So instead, I was trying to use the labels as object attributes and adding roles at runtime. Does this make sense?

Any advice you could give would be greatly appreciated.

Thanks again,
Stan

_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas
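The label model described in the message, as an added sketch that is not part of the original post and is not Zope or PAS code: it contrasts the 2**n - 1 role enumeration with a runtime check against the object's labels. The names `combination_roles` and `roles_in_context`, the `Viewer` role, the `external_ok` flag and the fail-closed handling of unlabeled objects are assumptions.

```python
from itertools import combinations

LABELS = ("Alpha", "Beta", "Gamma")  # sample labels taken from the message


def combination_roles(labels):
    """Enumerate one role per non-empty label combination (the 2**n - 1 approach)."""
    return [frozenset(combo)
            for size in range(1, len(labels) + 1)
            for combo in combinations(labels, size)]


def roles_in_context(user_labels, obj_labels, external_ok):
    """Hypothetical local-roles style hook.

    Grants 'Viewer' at runtime only when the external condition holds and
    the user holds every label carried by the object.
    """
    required = frozenset(obj_labels)
    if not required:
        # Assumption: fail closed. The empty set is a subset of every set,
        # so a bare subset test would expose unlabeled objects to everyone.
        return set()
    if external_ok and required <= frozenset(user_labels):
        return {"Viewer"}
    return set()


if __name__ == "__main__":
    print(len(combination_roles(LABELS)), "roles for 3 labels")
    six = ("Alpha", "Beta", "Gamma", "Delta", "Epsilon", "Zeta")  # constructed
    print(len(combination_roles(six)), "roles for 6 labels")
    print(roles_in_context({"Alpha", "Beta", "Gamma"}, LABELS, True))
    print(roles_in_context({"Alpha", "Beta"}, LABELS, True))
```

With labels stored on the object, the number of roles to manage stays at n instead of 2**n - 1, and the decision is made per object at access time.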