ZCML File
mapping.zcml

<configure
    xmlns="http://namespaces.zope.org/zope"
    >
<include
    file="meta.zcml"
    package="zope.securitypolicy"
    />
<grant
    role="zope.Bar"
    permission="zope.Foo"
    />
<grant
    principal="zope.Blah"
    permission="zope.Foo"
    />
<grant
    principal="zope.Blah"
    role="zope.Bar"
    />
</configure>