Hi all! I'm using LoginManager to provide for a non-HTTP authentication. A role "Member" has access to a folder "Restricted", the role "Anonymous" doesn't have any rights at all in this folder. All objects in this folder acquire these security settings. So far, so good. The login form from the LoginManager product raises "LoginRequired" and shows the login screen when necessary. Mysteriously, I don't get to see my (customized) standard_error_message, but *the* standard error message when I try to access the folder unauthenticated. Now if I give Anonymous the right to "View" in the "Restricted" folder (and therefore view all contained objects - which I naturally don't want to do) and explicitly take that right away for index_html, any unauthenticated client trying to access the folder (->index_html) will see *my* standard_error_message (containing the login screen). What is this all about? I'm baffled. I want my standard_error_message *everywhere*, *any way*. tia and cia, (cheers in advance) Danny P.S.: I've customized LoginManager to get the users from a ZGadfly connection (at last!). Maybe there's something wrong here? Does Anonymous need rights to use the database or what?