Hi all, I defined my own permission to delete an object like so: security.declareProtected( 'Delete ZehnderRequests', 'manage_beforeDelete' ) def manage_beforeDelete(self, item, container): "just here to enforce permisson" if not self.portal_membership.getAuthenticatedMember().has_permission('Delete ZehnderRequests', self): raise BeforeDeleteException in the class definition I declare security.setPermissionDefault('Delete ZehnderRequests', ['Manager', 'Owner' ] at the end of the class definition I call InitializeClass( CMFZehnderRequest ) now my problem: every user has the permission set altough only manager should have it. what am I doing wrong here ? thanks for any typ. Robert -- mit freundlichen GrĂ¼ssen Robert Rottermann www.redCOR.ch