Posted this a few days ago, but haven't received any ideas. Can anyone confirm that they *can* edit ZPTs with WebDAV/FTP as a non-manager with Zope 2.5? I'm willing to dig into the source if I can find get some input on how specific the problem is to versions, setup, etc. -- Synopsis: A highly-privileged non-manager user can edit all content types through WebDAV or FTP *except* PageTemplates. If user is changed to a manager, they can now edit PageTemplates through WebDAV/FTP. Demonstration/Walkthrough: 1) in folder "/foo", create local role "test" 2) in "/foo", give role "test" *all* permissions (in theory, this person would only need a few privileges; to remove any possibility that we're guessing the wrong privileges, select them all) 3) add user "bob" w/role=test 4) create a ZPT document "test.pt" in "/foo" 5) create a DTML DOcument "test.dtml" in "/foo" 5) see that bob can edit both documents using ZMI w/o problem. (therefore, it's not privileges per se that's causing the problem) 6) see that using WebDAV/FTP, bob can edit "test.dtml" (therefore, it's not WebDAV setup per se that's causing the problem) 7) see that using WebDAV/FTP, bob *cannot* edit "test.pt" (!) 8) add manager role to bob 9) now bob can edit "test.pt" through WebDAV/FTP (therefore, it's not simply ZPT+WebDAV that's causing the problem) Notes: I've tried FTP and 3 WebDAV clients (cadaver, WebDrive, Dreamweaver); all return an unauthorized message. This isn't a firewall, client, or locking problem: I can't do it from the server using cadaver; I've tried different client machines; using cadaver, I can't even GET the file (which makes no attempt to lock it.) WebDAV editing of ZPT is a critical feature for my clients. I can't give the editors "manager" role w/o opening huge security holes. Using cadaver w/debug settings, I can get detail on the requests and responses: the forbidden edit request (step #7 above) just re-requests authentication twice and fails. Happy to send the cadaver log to anyone who might find it helpful. Can anyone edit ZPT through WebDAV or FTP with non-managers? Can anyone shed any light on this problem? -- Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton Independent Knowledge Management Consultant