I've written a Zope product that exposes a "MenuItem". I add a menuItem in a Zope folder, and I have no difficulty accessing and editing it via the ZMI. I've written an xml-rpc-like protocol for Zope, that basically validates the security "manually". This menuItem has an attribute called "def getVersion(self):" which returns an int. This is the Code that prevents me from accessing the method in python, via my protocol: if not AccessControl.getSecurityManager().validate(None, object, attributes[-1]): raise UnauthorisedAccessException('Unauthorised: ' + originalAddress) object = <bound method HWMenuItem.getVersion of <HWMenuItem instance at 01B7B290>> This is the method getVersion attributes[-1] = "getVersion" (string) UnauthorisedAccessException: Unauthorised: menus.administration.addUser.getVersion This code works for any other default Zope type, but not mine. Did I perhaps forgot a permission or something? I can access this fine via the ZMI, but when I validate it this way, python just starts cursing at me. Can somebody help? Thanks H