hello, I've tried what you said when "standard_html_header" and "standard_html_footer" are owned by "dev", it work with "Access contents information" permission set for manager role. I think, it's because of aquisition of DTML Method owned by root. Am i right ? I new to Zope, and I want to learn a lot about security. If you have exercices like this one, i appreciate it. (i need also grammar correction, isn't it ;) Xavier Today I tried on my Zope Zope 2.3.2 (source release, python 1.5.2, linux2) what I did a hundred times succesfully before: 1. created a folder "production" 2. set not to acquire the "View" permission for this folder 3. created a role "developer" 4. created a user "dev" with role developer 5. changed security settings so that developers can "View" 6. created two dtml-methods "standard_html_header" and "standad_html_footer" inside the new folder 7. logged in as dev and got the error message: Unauthorized You are not authorized to access standard_html_header Strange enough, this only occurs with standard_html_header and standard_html_footer. I also created a dtml-method called index_html and could see it.