Hi: This messages has several attached html files. I have defined a folder; GAP, and a local role; UserAdministrator. In GAP/acl_users, I have 2 users, julian, who has the UserAdministrator role, and betty who does not. See attachment users.html In folder GAP, UserAdministrator has the roles given in users0.html. To summarize, all Add_.. and Change_.. have been removed from Acquire. UserAdministrators are given roles "Access Content Info", "Change Configuration", "Change Proxy", "Change Permissions", "Manage properties", "Manage users", "Use Database MEthods", "Use mailhost services", "View", and "View management screens" Some of these rights in fact make me nervous, and I would like to trim more. See attachment "users0.html". To confirm that julian has the rights of a UserAdministrator, see attachment "users1.html". Now, in folder GAP/acl_users, UserAdministrators are granted all roles. except manage properties and Undo changes. See attachment "users2.html". In particular, UserAdministrators are given the role of "Access Content Info". But, when I log in as "julian", I and go to GAP/manage, and click on acl_users, I am presented with a menu which _DOES NOT_ show the contents (users) of the folder; instead I am presented with a tabbed menu that has only "Security" in it. See attachment "users3.html". Why does "julian" not have a "Contents" tab in GAP/acl_users? Any idea of what the minimal set of permissions will allow me to create a local role that permits members to add, set passwords, and delete users from a pre-existing acl_users folder?