I apologize if this issue is something that has been discussed before, but I searched the archives to no avail. I'm evaluating zope for a project, and I have some questions regarding the extensibility of the user security model. The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. I essentially want several "sites", one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them. What this would require is a group of administrators that can see all sites, as well as restricted users with privileges to exactly one site. I'd also like to avoid having a role for each site, as that could get ugly for almost 1000 clients. It would also be great if we could designate a user to administer only one site, so that they could only publish data to one client. I guess I want "zope-level" users and "application-level" users. Is this something that sane people do? I don't really need a step-by-step, just a "yes, that is possible" or a "no, you're an idiot" before I start digging in to try and do it. Tim