I am trying to acquire the functionality of SimpleItem and the new Zope 2.2+ security model (methods are private by default) in a single class. Thus I subclass SimpleItem and override __allow_access_to_unprotected_subobjects__ as follows: class subclass(SimpleItem): __allow_access_to_unprotected_subobjects__=None __ac_permissions__=( ('View', ['index_html'], ('Anonymous',))) private = HTMLFile('filename', globals()) . . . I would expect that the 'private' method would no longer be viewable via the web. But it is. Am I missing the obvious here? Mark Postal