Anthony:
Ok, more information needed: do the proxy roles augment or replace the roles that the user currently has?
Sorry for the delay in responding. They (proxy roles) _augment_ existing user roles (per Jim and a little micro-test I just did). Consider a folder: Container containing two documents: secret_doc and wrapper_doc wrapper_doc is: <!--#var standard_html_header--> <P>This is a wrapper. Below is the secret content:</P> <BR> <!--#var secret--> <!--#var standard_html_footer--> We can restrict View access to secret_doc to the role, secret_readers We can then give wrapper_doc a proxy role of secret_readers Obviously, as long as Anonymous can View wrapper_doc ANYONE can, transitively, see secret_doc. Let's say Bob is in the role guest_readers and NOT in secret_readers. If we restrict View access on wrapper_doc to guest_readers Bob will be able to view secret_doc through wrapper_doc but not directly. I know this is a little hard to follow (it is when I re-read it!) -- Best way is to understand all this is to play with it. --Rob (Zen 0.2) P.S. - We're at the thin-air limits of my comprehension so if your questions go much deeper I'll have to defer to the Zen 0.75+ club! :^)