I have a very similar problem to the one given by Jean Lagarde at http://lists.zope.org/pipermail/zope/2001-June/093739.html -- I have a number of Squishdot sites, and I'd like to automatically generate a list of Squishdot sites accessible to the current logged-in user. Here's the dtml method (MyFora) I'm using: <ul> <dtml-in findfora skip_unauthorized> <dtml-let item=sequence-item> <dtml-with item> <li><a href="<dtml-var absolute_url>"><dtml-var title></a> </dtml-with> </dtml-let> </dtml-in> </ul> and here's the Python script (findfora): from string import split, join published = {} meta_types = ('Squishdot Site',) root = None #lets setup the root we will find all our resources from if context.REQUEST.VirtualRootPhysicalPath: root = context.REQUEST.VirtualRootPhysicalPath else: root = ('',) root = context.restrictedTraverse(root) published=[] for obj in context.ZopeFind(root, obj_metatypes=meta_types, search_sub=1): id, obj = obj[0], obj[1] published.append(obj) return published For every authenticated user, it returns a *full* list of Squishdot sites, not just the ones they're authorized to view. Clicking on one of the unauthorized links pops up a login dialog, but I don't even want the links to show up at all (which I thought skip_unauthorized would take care of). As far as I can tell, neither method has any proxy roles attached. What detail did both Jean and I miss in our respective situations? Zope 2.3.2, by the way. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu