After struggling for a long time with a denial to use manage_changeProperties in clone methods for some (in fact all but me because I'm superuser) of the developers of our Zope site, I found today that I had to set the proxy securities of the cloning method to solve these problems. The developers have manager rights from the root - that is to say right to do everything. The problems only occur from methods acquired from other folders, as follows: folder1 item_to_be_cloned cloneMethod (including changeProperties on the cloneditem) folder2 cloneForm calling cloneMethod While under the proxy tab it is stated that "Proxy Roles allow a DTML Document or Method to access restricted Zope resources. Normally a DTML Method or Document can only access resources for which the user is authorized. By adding Proxy Roles, you allow the DTML Document or Method to act with additional roles, beyond what the user may have." This either is a misleading text, or this is a bug or an unexpected feature, or once more I have to deepen my Zen. The developers _do_ have the rights to manage properties, that's obvious. So changing the proxy roles should not make any difference, or should it? Is it acquisition that is interfering here, and if so, how? Could someone who is closer to Nirvana than me explain this. Please enligten me. Rik