Hi all, I want to assign a user a role based on their IP address or domain. Looking through the Zope book this seemed fairly straightforward but I can't get it to work. The folder I am doing this in is one up from the root level, so I can then lock things down from this folder up. This is what I did: 1. Created a new role called internalUser 2. Created a new user called anon, but didn't fill in the password fields, specified the domain as *.mydomain.com and selected the role as internalUser. 3. Created a DTML document (no security assigned) and did a <dtml-var "AUTHENTICATED_USER.getRoles()"> to see what role was being assigned. When I log into the document anonymously it still displays the role as anonymous - yes I am in the right domain. When I set the security settings to lock out anonymous but enable internalUser to view the page it still prompts for a username and password - even though I didn't specify a password. Looking at the user anon in acl_users the password field is filled even though I didn't specified password - is this normal? Strangely when I give this user a password and log in the ip/domain restriction works - there must be something going amiss somewhere.. The reason why I would like to do it this way is so that I can conditionally show/hide parts of a page based on this role just to give you some context - provided it assigns the right role based on domain/ip! If someone could provide some step by step instructions as to how they did this (I cannot for the life of me see what I'm missing) and a possible workaround perhaps using REMOTE_ADDR - I would dearly like to avoid this! Thank you in advance David