The following Python script, when invoked in a folder, should list all ZPT methods that the current user can "View. from AccessControl import getSecurityManager checkPermission = getSecurityManager().checkPermission def okPermissionView(item): allowed= 0 try: allowed= checkPermission('View', item) except: pass return allowed objects = context.objectValues('Page Template') objects = filter(okPermissionView,objects) for item in objects: print item.getId() return printed It works for Managers (who can view anything), but it fails with Unauthorized at the "objects = filter(..." line. When I unfold the source so that filter is not used, it works without a hitch. See the "unfolded" source below: from AccessControl import getSecurityManager checkPermission = getSecurityManager().checkPermission objects = context.objectValues('Page Template') for item in objects: allowed= 0 try: allowed= checkPermission('View', item) except: pass if allowed: print item.getId() return printed Does anybody know what's going on here??? -- Milos Prudek _________________ Most websites are confused chintzy gaudy conflicting tacky unpleasant... unusable. Learn how usable YOUR website is! http://www.spoxdesign.com