I'm feeling kind of dumb here - perhaps I'm getting distracted by the terminology used but what's this "mapping" of permissions ? I've checked the ZCMG but that only deals with users/roles/permissions which is fairly straight-forward and intuitive. Were these permission mappings added in Zope 2.0 or is documentation hiding somewhere ? eg. Ok, so let's look at a typical "define permissions" page : - Access contents information <disabled> - Change DTML Methods <disabled> - Change permissions <disabled> - Change proxy roles <disabled> - Delete objects <disabled> - FTP access <disabled> - Manage properties <disabled> - View <view> - View management screens <disabled> OK, so "view management screens" is now disable and nobody can view them. Fair enough. But say I want to enable them, why would I want to map "view management screens" to anything other than, er, "view management screens" ? And where is the correlation between this action and a user's identity ? Another example: anonymous users call this dtml-method; this method then changes the properties of the zclass. So, I go to the pulldown menu opposite "manage properties" and roger me relentlessly if "manage properties" doesn't just look like the appropriate choice ! The mind boggles - I'm going nuts. What am I supposed to do with this ? As I said, roles/users/permissions make sense but these make as much sense as a bucketful of number 2's. chas