Need Help for Zope5 extra roles from DB

Dear All

I am working with Zope v5 and I must integrate new dinamic roles (database defined) to the standard AccessControl library:

my_user = AccessControl.getSecurityManager().getUser()
roles = my_user.getRoles()

I have read lots of specification about the Delegating / Role and the function getUserDetails which read the following data in order to work properly and provide extra informations from database to framework via query: NAME, PASSWORD, ROLE.

What combination of plugin such as "ZODB User Manager" / "Scriptable Plugin" are needed to do this?
After numerous attempts I still can't get it working.

Thank you very much for taking the time to resolve this question

The the "Pluggable Authentication Service" you have the ability to define roles plugins. See Pluggable Authentication Service — Plone Documentation v4.3

Also, take a look at the plugins defined in the acl_users object, that's the starting place.

I think this can be a good starting point, add roles and groups dynamically based on http headers. It is a multiplugin plugin (implements different interfaces).

Pollicino via Plone Community wrote at 2022-11-7 11:00 +0000:

I am working with Zope v5 and I must integrate new dinamic roles (database defined) to the standard AccessControl library:

AccessControl already supports user defined roles
via the AccessControl.rolemanager.RoleManager
attribute __ac_roles__.

Usually, this is a static attribute (directly defining the roles
known by this RoleManager).
But in your own RoleManager class, you could make it
dynamic.

import AccessControl
my_user = AccessControl.getSecurityManager().getUser()
roles = my_user.getRoles()

The __ac_roles__ attribute mentioned above would make
the custom roles known to the ZMI access page (i.e. manage_access)
and allow you to use them in the permission to role mapping.
It would not give a user different roles.
For this, you would need a custom user/user folder implementation,
e.g. Products.PluggableAuthService -- as suggested by other
commenters.