Optional arguments will still allow untrusted code to bypass security checks. Yes, that's true. Here are three solutions to this, two of which do not involve catalog changes: - Use a proxy role on the script that invokes getObject which grants the permissions needed. - Use self.unrestrictedTraverse(brain.getPath()) from trusted code - Add a private method: unrestrictedGetObject() to the catalog brain API which does no security checking, but is inaccessible to untrusted code. I think the last one is a good idea and I will implement it. The other two are available options for now. Ok, I think it will be useful. Until then, the second option is a good solution for me. Thanks a lot for the suggestion. Regards Santi Camps