Dear Zopistas, I just met the following problem caused by a misfortunate name clash between Python2.x and Zope: DTML-Document: <dtml-var standard_html_header> <h2><dtml-var title_or_id></h2> <table cellpadding=5> <dtml-in propertyIds> <dtml-let p=sequence-item> <tr><th>&dtml-p;</th><td><dtml-var "_[p]"></td></tr> </dtml-let> </dtml-in> <dtml-var standard_html_footer> When this document is rendered, Shane's wonderful ZDebug tool reports: Error type: Unauthorized Error value: Access denied for <built-in method title of string object at 0x8d45e50> because its container, 'title', has no security assertions. Innermost method: /Test/wt/Target Namespace Stack (innermost entry at top) ID Type (N/A) mapping with keys: ['p'] ? InstanceDict ? DocumentTemplate.DT_InSV.sequence_variables (N/A) mapping with keys: ['propertyIds'] (N/A) mapping with keys: ['document_id', 'document_title'] Target InstanceDict Target InstanceDict REQUEST ZPublisher.HTTPRequest.HTTPRequest .... problem in "_[p]". What happens here? "dtml-in" pushes the property id "title" (a string) onto the namespace stack. It is the next-to top "InstanceDict" entry. Starting with Python 2.0 (maybe 1.6), string objects have methods, among them "title". When "title" is looked up in the namespace, the "title" of the string object is found and not the one of the DTML Document. This wrong "title" method gives an "Unauthorized" exception because string objects do not participate in Zope's security mechanism. Danger Any string object on the namespace can prevent access to the "title" property. Propably only "dtml-in" and (if used wrongly) "dtml-with" are affected. Thank you Shane for the wonderfull "ZDebug". Without it, it would have been much more difficult to analyse this problem. Dieter