Hi all .. .. my brain needs a nudge again. I need to fetch an object from the ZODB subject to security checks. This doesn't work: result = [self.restrictedTraverse(p.getPath()) for p in proxies] because for a path such as '/app/container/object' the user might have access to 'object' without having access to 'container'. I think this will work: user = self.REQUEST.AUTHENTICATED_USER for p in in proxies: o = p.getObject()) if user.has_permission(permission_name, o): result.append(o) but I don't know where to find 'permission_name'. It's the permission registered for the class at __init__ time: context.registerClass( class_instance, permission = 'Add %s' % classname, constructors = getConstructor(module, class_instance) ) Any hints? -- Jean Jordaan http://www.upfrontsystems.co.za