The unrestrictedTraverse method creates a fake REQUEST "object" (really a dictionary) and sends this to a __bobo_traverse__. If this __bobo_traverse__ uses the object properties of the REQUEST object, or needs the real REQUEST object it will fail. If __bobo_traverse__ raises an exception while being called from the unrestrictedTraverse method, which may easily happen if the author of the __bobo_traverse__ method expected a real REQUEST object, unrestrictedTraverse just raises the Unauthorized exception. This is extremely confusing. I would much appreciate that the _real_ REQUEST object was sent to my __bobo_traverse__, and that the exception propagated is a little more informative. I have worked around this problem like this, def __bobo_traverse__(self, REQUEST, name): if type(REQUEST) == type({}): # do something else: # do what I really wanted to do but would appreciate if the problem did not exist :-) -- Regards David.