Hello! Until Zope 2.8.3 it was possible to access to the name of the logged in user also in a public accessible method. A thing I used quite often is hiding links which were not accessible for an anonymous user but show them in case the user has authenticated itself somewhere else in the site: <dtml-if "AUTHENTICATED_USER.has_role('Manager')"> | <a href="manage">Manage</a> </dtml-if> This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0. AUTHENTICATED_USER or _.SecurityGetUser().getUserName() is set to "Anonymous User" as long as the method does not require a login. When a login is reqired, AUTHENTICATED_USER is filled correctly but a unpriviledged user is no longer able to access the document. I'm not sure if I should see this as a bug or a feature and I was not able to find the change in a diff of the sources. Could you tell me more about this behavior? Beat -- \|/ Beat Rubischon <beat@0x1b.ch> ( 0^0 ) http://www.0x1b.ch/~beat/ oOO--(_)--OOo--------------------------------------------------- Meine Erlebnisse, Gedanken und Traeume: http://www.0x1b.ch/blog/