Hi All, I have a site based on the "File Server" example given in the default zope installation. If you view /Examples/FileServer/Files you will see a list of files and be given the opportunity to upload a new file. The perl scripts and header info etc are contained in the /Examples/FileServer directory. I have no problem adding users, folders and files, the problem is that I want to restrict access to some of the folders, say allow user1 to access the /Examples/FileServer/Files/1 subdirectory but not be able to see the /Examples/FileServer/Files/private subdirectory. I can't use the classical heirarchical security format and create the user "user1" in the "/Examples/FileServer/Files/1" subdirectory as "user1" needs to see into the "/Examples/FileServer/Files" subdirectory to access the scripts etc. I've temorarily solved the problem by using roles. The user subdirectories /Examples/FileServer/Files/1, /Examples/FileServer/Files/2 etc do not aquire their security settings. A role is created for each user and that role given the required access in each subdirectory. This is very inelegant but I can't seem to do it any other way. Any thoughts would be appreciated, Kind regards Ian