OK, I know some of you are out there watching. :) Here is what I found out you can do to use Zope's folder security features using your own user info database, your own login interface, and without using GUF (Generic User Folder). It's kind of simple, so don't expect too much. :) Hey, but at least it does not lock you up and send you into a panic attack. :) (1) Have your own login interface, and use some session management product or cookies to keep track of whether the user has been authenticated by you. (2) Create additional user-defined roles at the root of your Zope project. (Click on the 'Security' tab of the root folder, and scroll to the bottom.) E.g: 'teacher', 'student', 'parent', etc. (3) Create an acl_users folder at the root of your Zope project. Inside the acl_users folder, add new generic users. E.g: 'GenericTeacher', 'GenericStudent', 'GenericParent'. Assign non-trivial passwords to them, of course. (4) In your standard_html_header or equivalent, you then check against your cookies or session data. If the user is a teacher, then call: <dtml-call "REQUEST.set('AUTHENTICATED_USER', acl_users.getUser('GenericTeacher'))"> Voila! Now you can use Zope's security settings to prevent people from accessing given folders. Hung Jung ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com