Looks like there is a bug in Zope 2.10.2 with OFS/Traversable.py on line 228: if not ok: if (container is not None or guarded_getattr(obj, name, _marker) is not next): raise Unauthorized(name) Here is my debugging session: (Pdb) guarded_getattr(obj, name, _marker) 'Guo Zhonghai' (Pdb) obj <Contact at /creme/Contacts/Contact_1125> (Pdb) name 'title' (Pdb) guarded_getattr(obj, name, _marker) 'Guo Zhonghai' (Pdb) p next 'Guo Zhonghai' (Pdb) guarded_getattr(obj, name, _marker) == next True (Pdb) guarded_getattr(obj, name, _marker) is next False (Pdb) type(guarded_getattr(obj, name, _marker)), type(next) (<type 'str'>, <type 'str'>) (Pdb) id(guarded_getattr(obj, name, _marker)) 46912619931440 (Pdb) id(next) 46912619931720 Thus, often string attributes will fail with this check. In my opinion the code should read: if not ok: if (container is not None or guarded_getattr(obj, name, _marker) != next): raise Unauthorized(name) If you agree that his is a bug, I'll log it. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za