I have a Product/ZClass called UserProperties/UserPropertiesClass. I have a folder Users which has mapped users with a role of contentSubscriber to the permission ``Add UserPropertiess''. I have an index_html file in Users that shows that an authenticated user has the role contentSubscriber and shows that the authenticated user has permission to ``Add UserPropertiess''. <dtml-if "AUTHENTICATED_USER.has_permission('Add UserPropertiess',PARENTS[0])"> <p>Can Add UserPropertiess</p> <dtml-else> <p>Can NOT Add UserPropertiess</p> </dtml-if> <p> When an authenticated user calls /Users/ they see Can Add UserProperties. When the user calls /Users/manage they see the managment screen, if they select [ADD]UserProperities they get the login screen again. The URL that is getting accessed is: /Users/manage_addProduct/UserProperties/UserPropertiesClass_factory and the authentication is failing. I'm using GenericUserFolder with cookie validation and it appears that my _gufauth cookie gets set and then deleted through this transaction. -Jon