I'm increasingly frustrated with the Zope security management framework, and I'd like to know if there is a way to work around some of my problems, and/or whether this will be addressed in the future. Or, perhaps I'm looking at all this from the wrong perspective. Essentially, I'd like a way to eliminate a role in certain directories. For example, if anonymous users should be granted no access to a "/private" folder, I want to lock down /private and all sub-directories against anonymous access. The only solutions I've found are inadequate. What I've found: * At the root folder, find those permissions which are enabled for the anonymous role, and remove them in /private by de-selecting the "inherit permissions" checkbox and re-enable appropriate roles. * In /private, de-select _all_ "inherit permissions" checkboxes and re-enable appropriate roles. The first is inadequate because of the lack of control over what permissions are enabled for anonymous users at the root folder. If a particular permission is added to the root folder the next day, anonymous users now have a permission in /private which they should not have. The second, besides being extremely tedious and error-prone, removes the flexibility of defining globally what permissions roles should play across all of the server. What am I missing? -- -- John R. Daily jdaily@progeny.com Systems Programmer Progeny Linux Systems Master of the ephemeral epiphany