- Permissions are associated with components of your applications. Zope has some built in ones but you can define new ones via ZCML and link them to components via ZCML.
- Roles are what something is supposed to be generally doing. Such as be a 'user' or 'manager'. They are defined in ZCML and are associated with Permissions and Principals via grants.
- Principals are anything that accesses something. You could call them 'users' or 'members'. They are called principals because nearly anything can serve as one. Hence why users and members is not used. Principals are associated to Roles via grants. Principals are defined in ZCML but can also be called from special components called 'Password Authentication Utilities'.
- Grants are how things are related to each other in this via grants.
If It’s Flow, It’s Art
1 day ago