I'm using Zope 2.5.1 and python 2.1.1 under solaris I have a setup like this: /root acl_users # standard root UserFolder. Has a 'guest' account /protected hello # simple dtml document acl_users # UserFolder. Has 'user1' account /sub test # simple dtml document For protected, hello, sub, and test I have modified permissions on 'view' by disabling 'acquire' and enabling 'authenticated'. Anonymous, manager, and owner are cleared. Neither guest nor user1 owns any objects on the server. When I visit hello, I am prompted for a password. 'user1' works fine. 'guest' also works, which doesn't make sense to me since I disabled acquisition. The test document exhibits the same behavior. Is it possible to make hello (or test) NOT recognize authentication from the root acl_users folder? I understand it might not be a great idea (as it would cripple administration) but it sure is odd. Charlie Reiman