jens wrote: ' Are you confusing global roles as stored on a user/member with local ' roles, as stored on an object in the ZODB? ... ' You pass in the object (folder, content object, etc) you want to set ' local roles on, a sequence of member IDs, and the role name. I am confusing them. I found the solution in some existing code. The solution isn't to add the role, but rather to edit the user and provide a new list of roles, like so: member = context.portal_membership.getMemberById(userid) context.acl_users.userFolderEditUser(userid, \ None, \ new_roles, \ <---- here! member.getDomains()) The API documentation might be sufficient, however, it's quite difficult to find the correct method in the first place. Anyway, problem solved. \malthe ---- mail: mborch@3avod.dk blog: www.3avod.dk/blog/ crypto-key: 3avod.dk/keys/mborch.asc --------------------------------------