We would like something in "Work" that says if the authenticated user is staff they get the local role "Staff" The user would be defined in the User Folder in the root.

I think the problem is rather trivial. Since you wrote your own user folder it is so easy to add custom roles. Do you have the directory path? I guess so. So you should able to figure out whether a user is a member of a certain group by parsing the path. Then you create the roles based on the group behavior. All you gotta do now is to overwrite the API method getRoles(self) (in User) and add the new roles to the return list. This way it is always generated on the fly and if the user changes directories the roles will change as well. def getDirectoryRoles(self): """ """ # I assume the path looks like /something/Group/user and that the dir is saved in self.path group = string.split(self.path, '/')[-2] roles = (string.lower(group),) return roles def getRoles(self): """Return the list of roles assigned to a user.""" if self.name == 'Anonymous User': return tuple(self.roles)+self.getDirectoryRoles() else: return tuple(self.roles) + ('Authenticated',)+self.getDirectoryRoles() -- Stephan Richter CBU - Physics and Chemistry Student Web2k - Web Design/Development & Technical Project Management