On our site, staff see enhanced views of certain pages. For example, everyone can see my phone number, but only staff can see my cell number. I've handled that in the past as <dtml-if ... user has the role "Staff" ...> extra stuff goes here </dtml-if> I've been moving the extra stuff to separate DTML methods for internal reasons, so it looks like <dtml-if ... is staff > <dtml-var extra-stuff> </dtml-if> For my fellow developers, I've simplified this by created at method called isStaff, which just returns the result of true or false for this user having the role of Staff for the current object. That way, they can just say <dtml-if isStaff> <dtml-var extra-stuff> </dtml-if> However, this still keeps the "logic" of security in DTML, and not part of the Zope security system. What I'd like is: <dtml-var extra-stuff> and mark extra stuff w/View permission only for staff. That way, the security is out in the open; there's no programmatic checking of authorization. Of course, what happens is that zope pops up and asks for authorization for this. I've tried <dtml-in extra-stuff skip_unauthorized> <dtml-var sequence-item> </dtml-in> but I still get an authorization request for extra-stuff. Is there any way (w/dtml-var, dtml-in, etc) to show this extra stuff, while keeping the security logic in simple zope security, and w/o prompting for the user to log in? (something like <dtml-var extra-stuff skip_unauthorized> would be great.) Thanks! -- Joel Burton <jburton@scw.org> Director of Information Systems, Support Center of Washington