You know you are in trouble when you need to read the c-code of Acquisition to understand a problem. :) This took me half the day to figure out, and in fact, I still don't fully understand it. So I need help with this. CPS has an index, called cps_filter_sets. It's a TopicIndex, and TopicIndexes can have expressions as filters. This one has: "getattr(o, 'portal_type', None) not in ('Section', 'Workspace')" Where o is the object that are being indexed. But, this being an expression, it's protected, and therefore, a getattr becomes a guarded_gettatr. guarded_getattr does it's security check by doing: validate = SecurityManagement.getSecurityManager().validate aq_acquire(inst, name, aq_validate, validate) Where in this case inst will be the object that is being indexed. aq_acquire will, if the first parameter is not an AcquisitionWrapper, and the third parameter is not None, wrap the object. Now, in our case, the object is an IndexableObjectWrapper, wrapping an Acquisition wrapped object. So, aq_acquire will Acquicision wrap the IndexableObjectWrapper, with the result that the object being used now has no context! Then, it passes this to validate, who in turn passes it to allowed, who check that the object has the users user folder in it's context. And it hasn't, because it has no context. *blam* You get an AuthorizedError, and the object does not get indexed. OK, there are several ways to fix this, one being to not use getattr. But there is still something missing from my understandning of all this: - Not every object has this problem! Why, I have no idea. I had his problem in two products, and in ONE of them, it disappeared when I introduced the otherwise useless PropertyManager as a baseclass. The other product already has propertymanager as a baseclass! Any insight into this would be appreciated. //Lennart