Security in ZOPE is very puzzling. If I have certain rules set for the root folder, can I set something different for the sub folders? Any changes seem to have no effect at all. I am especially wandering about setting for anonymous user. I'd like to give them only 'viewing' privilege but that does not work. The site is not functional at all and asks for the password even for the viewing. Then I enable 'access the content' and the site works as long as I do not try to use sql. When I how ever enable 'use sql methods' permission they can access my database, delete and add entries to it. What do I have to do to allow anonymous viewers to just view the site (keep in mind that I am using a couple of zsql methods for embedding of data in my html) I also want to have one of the sub folders not accessible to any one but me. Can you help anyone? Regards, George