I'm using Zope 2.7.0 a1.

I want to be able to 'su' as another user within Zope if a PythonScript is called with valid REQUEST.form values.

Attached below is my extension method, which sorta works. The problem is that after I call newSecurityManager, the 'new user' doesn't have View rights to the User object, so calling getProperty() on it fails.

I'm using LDAPUserFolder.

It seems this should work, but doesn't. I've tried various combinations of .__of__ wrapping of the user object. Nothing works.

The following extension method, when called correctly, produces this output:

    current user is backend with roles ('SU', 'Authenticated')
    has view on user object? 1
    set user is darcie with roles ('SFCustomer', 'SFManager', 'Anonymous', 'Authenticated')
    has view on user object? 0

This extension module is called like so from PythonScript:

    from AccessControl import getSecurityManager
    context.processSU(context)
    user = getSecurityManager().getUser()
    orgid = user.getProperty('orgid',None)

I get "Unauthorized" on the getProperty call if processSU() has switched the user.

--

from AccessControl import getSecurityManager
from AccessControl.SecurityManagement import newSecurityManager

# Not defined in the post; 'SU' is assumed from the roles in the output above.
suRequiredRole = 'SU'

def processSU(context, request=None):
    """Given an acquisition context and request context, become the specified user

    if request.form has a variable named _su and if that specifies a valid user,
    then we'll become that user.

    su must be the dn of an ldap user to become
    """
    if not request:
        request = context.REQUEST

    # nothing to do unless the form asks for a user switch
    su = request.form.get('_su')
    if not su:
        return

    sm = getSecurityManager()
    currentUser = sm.getUser()
    print "current user is ",repr(currentUser),"with roles", currentUser.getRoles()
    print "has view on user object?", currentUser.has_permission('View', currentUser)

    # only callers holding the required role may switch users
    if not currentUser.has_role((suRequiredRole,)):
        # this is an error
        raise RuntimeError("Insufficient rights to ZopeSecurityTool process 1")

    # look up the target user by LDAP DN
    userFolder = context.acl_users
    newUser = userFolder.getUserByDN(su)
    if newUser is None:
        raise RuntimeError("Specified user not found")

    # wrap the user in the aq_base of the user folder, then install it
    # as the user of a new security manager
    newUser = newUser.__of__(getattr(userFolder,'aq_base', userFolder))
    newSecurityManager(None, newUser)

    # report what the security manager now sees
    sm = getSecurityManager()
    newUser = sm.getUser()
    print "set user is ",repr(newUser), "with roles", newUser.getRoles()
    print "has view on user object?", newUser.has_permission('View', newUser)

--
Brad Clements, bkc@murkworks.com (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
http://www.wecanstopspam.org/ AOL-IM: BKClements