We have a custom UserFolder that authenticates users agains a PH directory. This means that we have the same 30,000 or so users defined in all of our user folder instances. Seeing no reason to redefine users in multiple user folders we made a decission to place one user folder in the root of our system and then grant users local roles on an object by object basis. Everything works great! Problem: We would like to have some roles assigned dynamically based on user information. For example: A role called "Staff" if the PH directory has the user listed as staff. We would like to be able to do this on an object by object basis, but have the roles only exist for a single request. So we don't have to give 15,000 people a local role and then track who leaves and who gets hired. Example: Folder hierarchy: /Work We would like something in "Work" that says if the authenticated user is staff they get the local role "Staff" The user would be defined in the User Folder in the root. We're open to any solutions/comments. Thanks, --Brian Brinegar ECN Web Technician MSEE 104 A 494-3106 http://www.geeksoft.net/