Group: We're using Zope 2.6.1 and create a menu in our standad_html_header by doing something like this: <dtml-in expr="ObjectTypes(['Folder','Ordered Folder'])" skip_unauthorized> <a href=...><dtml-var title></a><br> </dtml-in> The structure is something like this: ROOT standard_html_header ... standard_html_footer library (Folder) - public 1 - public 2 - staff_only One of the folders is a 'staff-only' folder. We would like it to appear in the list, but we would like to force the user to authenticate when they click on the link. So, we defined a user, 'viewer' that has exactly the same privileges as 'anonymous' and then gave our standard_html_header document the proxy role of 'viewer'. Then we removed the view permission and access contents permission from anonymous within the staff_only folder. This appears to work as expected. Here's my real question: why did we have to go through this? From reading the zope book, etc., you would think that all you had to do was to remove the view permission from the staff_only folder. Is it because the standard_html_header is acquired from the root folder and so brings with it security information? -- Benjamin J. Chapman benjamin-chapman@utulsa.edu 918/631-2405 Director of Computing Resources TU College of Law http://www.utulsa.edu/law/support/ Send computing support requests to: support@mail.law.utulsa.edu