Hi, I'm a little confused by the "permission" attribute on the <adapter> statement. First of all, a principal not having the set permission still gets the adapter. That wouldn't be much of a problem if the adapter was securiy-proxied. The adapter is created with the _protectedFactory: def _protectedFactory(original_factory, checker): # This has to be named 'factory', aparently, so as not to confuse # apidoc :( def factory(*args): ob = original_factory(*args) try: ob.__Security_checker__ = checker except AttributeError: ob = Proxy(ob, checker) return ob factory.factory = original_factory return factory I wonder why the factory only creates a security proxy when it cannot assign __Security_checker__ to the adapter. I suppose this is intentional? Regards, -- Christian Zagrodnick gocept gmbh & co. kg · forsterstrasse 29 · 06112 halle/saale www.gocept.com · fon. +49 345 12298894 · fax. +49 345 12298891