Hi All, I have a zope folder that contains multiple documents. Users order a document to be created by our communications office. That office then uploads that word document (not through ZMI). I want users to have access to ONLY those documents they have ordered. And all this needs to be done programmatically and not through ZMI. My first thought was to setup a SiteAccess Rule to get the current username and see if it matches with one of their orders and the requested word document. But it seems that SiteAccessRules, and more specifically __before_publishing_traverse__ occurs prior to user authentication. The script I was starting to write always sees the 'Anonymous User' when used as an Access Rule, but when viewed through the ZMI, it is the current user. Is there another way to do this? I'm thinking that when the document is uploaded, I set the owner to be the user that ordered it. Then I can set the permissions in this folder for View: ('Manager','Owner')? Any thoughts/better ways to do this? Thanks! Andy