Hi,

I mentioned this briefly on the Zope list but I think it sits better here...

You can currently access things like standard_html_header, etc. from any site URL (www.zope.org/standard_html_header for example) along with methods like title_or_id and objectIds.

This isn't nice. For starters, DTML methods that are used to display bits of pages probably won't display well on their own. Secondly, things like objectIds and perhaps more important methods probably shouldn't be available for security reasons. Finally, it doesn't give a 'user experience' of a nice tight, well engineered site if you can get at all this stuff.

I know you can get around this with proxy roles and the like, but this is a real pain to do for a whole site. It also means you get an authorization error, whereas what I'd personally prefer is a 404 not found, so people don't even know it's there.

The solution I'd suggest is very simple from a usage point of view:

For every Zope object add a new 'execute' permission. Also, change the idea behind the 'view' permission to be more like its name.

So, if a user has 'view' rights on an object, they can access it through a URL or an FTP client. If a user has 'execute' rights on an object then if it's referenced in another object or method (like standard_html_header is), it can still be executed even if the user has no view rights.

So, standard_html_header, for example, would have execute but not view permissions for the anonymous user.

How do other people feel about this? I'd be more than happy to give coding this a crack if people could give me some pointers as to where to start.

cheers,

Chris