I have a Python Product that I have mostly finished, and now I want to add security to it. I am importing Globals.InitializeCLass and AccessControl.ClassSecurityInfo. I am adding a ClassSecurityInfo instance in my class, and I am calling InitializeClass on my class at the bottom of the Module. I have run into the following problem: Classes in Python products that inherit from OFS.SimpleItem.SimpleItem or OFS.SimpleItem.Item have an attribute set: __allow_access_to_unprotected_subobjects__ = 1 This allows all class attributes and subobjects that are not explicitly private or protected by a permission to be accessed from the restricted code environment, or directly traversed into by a web browser. Supposedly, setting __allow_access_to_unprotected_subobjects__ = 0 inside your class will return the behaviour to the default (access not explicitly allowed is denied), but this doesn't seem to work for me. Adding explicit permissions to methods *does* work, but only for methods. Attributes such as dictionaries would be left unprotected. Can anyone suggest what I might be doing wrong? I am working with Zope 2.4 Thanks, Michael Bernstein.