Dear All,

I'm using Zope 2.2.5 on Linux and I have a problem setting security policies and roles. I have the following structure:

/
|--acl_users
|  |--user0
|  |--user1
|  |--user2
|--user1
|  |--acl_users
|  |--pygresql_db_connection
|  |--index_html
|--user2
   |--acl_users
   |--index_html

In the root folder (/), I defined a user-defined role 'Admin'. For each user, I set the following roles: 'user0' is 'Manager'; 'user1' is 'Admin'; 'user2' is 'Operator'.

I intend to have 'user0' as the administrator of the entire site, so the Manager role should be appropriate. Both 'user1' and 'user2' are local managers, and they should be defined in acl_users folders in the respective folders. But I need each of them to have access to each other's folders, hence I have to define them in a higher structure.

I also enabled ALL permissions for 'Admin' in 'user1' and 'Operator' in 'user2' folders, but enabled only Access contents information, View and View management screen for both 'Admin' and 'Operator' in root so that each user can view the root but can make changes only in their respective folders.

The problem comes when I log in as either 'user1' or 'user2'. For example, as 'user1', I add a new object acl_users in /user1. acl_users is created successfully, but when I click on it, the Contents tab is not visible, i.e. I cannot manage users. I can set permissions, take over ownerships, but cannot manage users. Similarly, I can create and delete a PyGreSQL database connection in /user1, but the Properties tab of PyGreSQL is not visible.

'user1' can have access to acl_users/Contents and PyGreSQL/Properties ONLY when I reset the role to Manager in /acl_users. I need 'user1' to have Manager-equivalent permissions ONLY in the user1 folder, but have limited access to other folders. It seems to be that acl_users and PyGreSQL grant the user full access ONLY when they are Manager, regardless of the permissions enabled in their user-defined roles.

Is this a bug or a feature, or have I misunderstood something here? This scenario is like the one described in the Zope Book Chapter 6: Security --- Scientist and SalesPerson. I would like Scientist or user1 and SalesPerson or user2 to have full control in their folders WITHOUT being Manager so that the administrator or user0 can be Manager. Is there a way round this?

Thanks!

Regards,
Kenneth