Dieter Maurer wrote: 
Nikko Wolf wrote at 2005-10-14 15:37 -0600:
  
I'm trying to allow users to delete objects that have been accidentally 
created.  I have criteria for what that means, but since I *DO NOT* want 
them to delete object except by this method, I want to avoid granting 
"Delete objects" to them (non-Managers).

Can this even be done?  At the base level, "Delete objects" is a 
hard-coded requirement of the ObjectManager.manage_delObjects() function.
    

Usually, an "External Method" is not restricted by Zope's
security.

Unless "manage_delObjects" does not perform an additional
internal check (I think, it does not), your "External Method"
can use it to delete objects.
My question stemmed from the fact that (for reasons I cannot not duplicate), I was repeatedly getting Unauthorized exceptions using the manage_delObjects() function.   Thus, I moved the functionality into an External Method, intending to avoid the restrictions.

But even there, throughout changes too numerous to remember now,  the Unauthorized problem persisted.  Then, after snooping around I found code in zope/lib/python/OFS/ObjectManager.py that set __ac_permissions__ with an entry:
        ('Delete objects',     ('manage_delObjects',))

... hence my thought was that the ObjectManager class had the requirement builtin at the source code level.   Even trying new security context (created from within the External Method) did not work.

After many hours of effort and debugging, I find that it works in a "Script (Python)" with precisely the same code that I (thought I) used originally.  Obviously, something is different, but unless it was a subtle typo that compiled correctly and worked (but not as desired) I cannot fathom what has changed.
BTW: Often, it is more faster simply to try something than
to post a question to the mailing list and wait for the answer.
Your question above is such a case ...
Indeed, I know that well.   I *had* tried a multitude of variations before sending; and I'd originally included details in the first posting, but deleted it before I sent it since the question seemed to stand on its own.

Thanks anyway,
Nikko