I have a proxy script which Authenticated people can call. It runs as a role that has permissions to do most things, but not completely like normal Manager roles. It basically needs to be able to Add Folders, Delete Objects, Add Properties, etc. The script is called "delete" and it's purpose is to remove a folder from its parent folder. Prior to actually deleting the object, the script calls manage_copyObjects on the folder to be deleted, and then calls manage_pasteObjects in a different context, where I want to put the folder. Folder structure is kind of like this: root people user1 events deleted_events user2 events deleted_events tools events delete Say user1 is logged in. What I want is for him to be able to be in user2's events folder, and delete events from the events folder. With the proxied script, he should be able to do this. Here is a code snippet that does the copy and the deletes where "userContext" is the context of user2's folder: # Copy the object to deleted_events what = userContext.events.manage_copyObjects(ids=[eventId]) userContext.deleted_events.manage_pasteObjects(what) # Delete the event from the user's folder userContext.events.manage_delObjects(ids=[eventId]) I think this used to work. At least I never had complaints about it not working, until today. Here's the Zope error message: <H2>Site Error</H2> <P>An error was encountered while publishing this resource. </P> <P><STRONG>Unauthorized</STRONG></P> Sorry, a site error occurred.<p> <!-- Traceback (innermost last): File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/ZPublisher/Publish.py, line 223, in publish_module File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/ZPublisher/Publish.py, line 187, in publish File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/ZPublisher/Publish.py, line 171, in publish File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: delete) File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: delete) File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/Shared/DC/Scripts/Bindings.py, line 324, in __call__ (Object: delete) File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/Shared/DC/Scripts/Bindings.py, line 354, in _bindAndExec (Object: delete) File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/Products/PythonScripts/PythonScript.py, line 363, in _exec (Object: delete) (Info: ({'script': <PythonScript instance at 8edd9d8>, 'context': <Folder instance at 8d84390>, 'container': <Folder instance at 8d84390>, 'traverse_subpath': []}, ('1007589520SK', 'Confirm'), {}, (None, None))) File Script (Python), line 48, in delete File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/OFS/CopySupport.py, line 215, in manage_pasteObjects (Object: deleted_events) File /data/www/Zope.6/src/Zope-2.4.3-src/lib/python/OFS/CopySupport.py, line 414, in _verifyObjectPaste (Object: deleted_events) Unauthorized: Add Folders It's saying that I don't have permission to Add Folders, yet that script has proxy roles which do allow it to. Again, I think this used to work, so there must have been a change and it is either broken now or was broken before. manage_delObjects works if I don't do the copy/pasteObjects prior to it. Any ideas? Should I not even be using manage_copy/pasteObjects()? -Chris