From: derek <de...@po...> - 2011-05-24 13:48:32
|
On May 24, 3:19 am, Denis Bitouzé <dbito...@wanadoo.fr> wrote: > Le dimanche 22/05/11 à 10h52, > derek <de...@pointerstop.ca> a écrit : > > > > What I don't understand is that you can roles and permissions are > > > mixed up in the ZMI: for instance, you can grant or forbid the > > > "View" _permission_ to "Anonymous" or "Authenticated" _roles_. > > > I don't see your point. Of course both roles and permissions are > > there - you have to have _something_ to grant permissions to. It > > could be users, it could be groups. Roles allow greater flexibility. > > Roles are like a super-group. > > I understand this. What I didn't understand was your remark: > > > > > You're warned against changing _permissions_ (not roles) through > > > > the ZMI. > > For a given role, what can you do apart changing permission(s)? It's not that you can't change permissions in the ZMI (you can), but that you _shouldn't_. You should only change the roles a user has (through the sharing tab) or map roles to permissions through workflow definitions. I was going to say something like "you should only change permissions in the ZMI if absolutely necessary" - but I think if you find it absolutely necessary, you haven't thought hard enough :-) If you have a case that can not be handled through existing workflow, then you really should be creating your own workflow product. |