OK, I read Brian's excellent HowTo on the 2.2 Product permissions API, but it unfortunately doesn't give me the answer to my current 2.2 problem (or if it does there's something else I don't know that is preventing me from figuring it out). I'm trying to update EMarket to work under 2.2. EMarket has a shopper object. A shopper's current set of potential purchases is stored on the shopper object in a 'basket' attribute. What gets assigned to this attribute is an instance of a 'Basket' class. It inherits from Persistent and Acquisition.implicit. (Shopper, among other things, inherits from OFS.SimpleItem, by the way.) So, when I access the page that displays the current shopping cart, under 2.2 I get an unauthorized error when the dtml code attemps to access an attribute of the basket object. So, what do I need to do to allow controlled access to this object? I understand that Shopper, inheriting from SimpleItem, already has the access to unprotected subobjects flag. And I'd rather protect the object correctly, anyway <grin>. I tried adding an ac_permissions structure to the class, giving View permission to the attribute that is throwing the unauthorized error, but that doesn't seem to have changed the behavior. Adding the access to subobjects flag also didn't do anything. I created a new shopper/basket just in case the changes don't affect existing objects, but still got the same unauthorized error. --RDM