I have a simple DTML method:

  <dtml-var standard_html_header>
  <h2><dtml-var title_or_id> <dtml-var document_title></h2>
  <p>
  This is the <dtml-var document_id> Document in the <dtml-var title_and_id> Folder.
  </p>
  <p>
  Welcome, <dtml-var AUTHENTICATED_USER>! You have these roles:
  <dtml-var "_.string.join(REQUEST.AUTHENTICATED_USER.getRoles(), ', ')">.
  </p>
  <dtml-call "manage_addFolder('Folder', 'my new folder')">
  <p>
  I created a folder!
  </p>
  <dtml-var standard_html_footer>

It requires "Manager" to view. When I run it with the <dtml-call> commented out, it correctly returns my role as "Manager". I can go through the management interface to create and destroy folders, but as soon as I view this method, (it tries to reauthenticate me and) I get:

  Zope Error

  Zope has encountered an error while publishing this resource.

  Unauthorized

  You are not authorized to access manage_addFolder.

  Traceback (innermost last):
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 222, in publish_module
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 187, in publish
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 171, in publish
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/mapply.py, line 160, in mapply
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 112, in call_object
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/OFS/DTMLMethod.py, line 172, in __call__
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/DocumentTemplate/DT_Util.py, line 331, in eval
      (Object: manage_addFolder('Folder', 'my new folder'))
      (Info: manage_addFolder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/OFS/DTMLMethod.py, line 194, in validate
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/AccessControl/SecurityManager.py, line 139, in validate
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 183, in validate
  Unauthorized: (see above)

I expected trouble when trying to use proxy roles for this, but it seems like running as a Manager should be simple. I see a similar DTML method in use in a message from early October.

Am I missing something or did the security model change get me?

Thank you.

--kyler