Create the user in the top level folder that they are allowed to see. Not in the /www folder
That alone wouldn't do it if we are talking about "seeing the objects", e.g. by calling the "objectIds" method in the root folder. You also have to switch off the root folder's "Access contents information" rights for Anonymous and the sub-tree managers. I think Zope security is really a bit weak here because the standard settings are NOT blocking "Access contents information" and blocking it makes programming a bit harder ... BUT: You CAN configure it correctly if you want to. Joachim -- Iuveno - Smart Communication Joachim Werner _________________________________________ Marie-Curie-Straße 6 85055 Ingolstadt Tel.: +49 841/90 14-325 (Fax -322) Mobil: +49 179/39 60 327 E-Mail: joachim.werner@iuveno.de/joachim.werner@iuveno-net.de WWW: www.iuveno.de/www.iuveno-net.de