This is a "HotFix" type of product that enhances Zopes local roles handling with so called "blacklists". It enables you to block out users local roles assignment so they won't propagate further down the folder hierarchy.
This way a user may have manager rights at the root level, but only anonymous rights at subfolders, enabling you to have a manager for the global website that does not have manager rights at the country websites, as an example. It does not block out the global roles.
It also contains an (IMO) improved user interface for managing local roles.
It probably only works with Zope 2.3.x. I hope to get time to update it for Zope 2.5 this spring.