I was going to put this up as a proposal, but I can't figure out how to add
a new proposal... :-) Then I checked out the new collector, and there is a
possibility to add a "feature" there too, so maybe this fits better there?

Anyway, heres the suggestion:

When developing a CM system in Zope a customer asked for a possibility to
"block out" a persons local role lower down in the hierarchy. That way a
person that has manager rights on a country-level could have these rights
removed on a regional level.

So, we implemented this as a HotFix, that seems to work fine. It also has a
user interface for local roles that is somewhat easier (in my opinion) to
use.

So what do you think? Is this stupid or good? Is it a "feature" or a
"proposal"?

I attached the files, you can put the __init__.py in any directory under
Products, and the dtml-files in a directory 'dtml' under that if you want to
try it out. I think it should work with a clean Zope installation (although
we haven't tested that for a couple of weeks).