--- a/src/pyams_security/interfaces/__init__.py	Wed May 20 12:31:27 2015 +0200
+++ b/src/pyams_security/interfaces/__init__.py	Wed Jun 17 09:59:18 2015 +0200
@@ -33,6 +33,9 @@
 from pyams_security import _
 
 
+FORBIDDEN_PERMISSION = 'system.forbidden'
+
+
 class IPermission(Interface):
     """Permission utility class"""
 
@@ -63,6 +66,12 @@
                       value_type=TextLine(),
                       required=False)
 
+    managers = Set(title="Managers",
+                   description="List of principal IDs allowed to manage this role. "
+                               "If it's a role, use 'role:role_id' syntax...",
+                   value_type=TextLine(),
+                   required=False)
+
 
 class IPrincipalInfo(Interface):
     """Principal info class
@@ -178,8 +187,12 @@
 class IDirectoryInfo(Interface):
     """Principal directory plug-in interface"""
 
-    def get_principal(self, principal_id):
-        """Returns real principal matching given ID, or None"""
+    def get_principal(self, principal_id, info=True):
+        """Returns real principal matching given ID, or None
+
+        If info is True, returns a PrincipalINfo record instead
+        of original principal object
+        """
 
     def get_all_principals(self, principal_id):
         """Returns all principals matching given principal ID"""