One of the requirements of a web site that I'm working on is the ability to restrict certain areas of the site to people who have registered with the site. I'm experimenting with GenericUserFolder in an effort to support this. The idea is that the site would use cookie-based authentication and the user would login via a registration screen. I think I understand how to do this within Zope. However, in addition to users accessing the site just to view its content, I will also have users accessing the site to manage content. When a user wants to manage content, I would like to display a different login screen or use a different login mechanism. For example, I don't want to put my content manager information in my user registration database. My question is this, is there a way to tailor authentication based on the type of access a user is asking for? Is there a way to programatically know if a user is accessing management screens (there must be, otherwise the whole security mechanism of Zope would work). Where in the Zope code would I look to gain a better understanding of how the whole security mechanism works? Any tips or pointers on this subject would be appreciated. Thanks. James W. Howe mailto:jwh@allencreek.com Allen Creek Software, Inc. pgpkey: http://ic.net/~jwh/pgpkey.html Ann Arbor, MI 48103