I'm having difficulties 'artificially' logging in a user from filesystem python code. I'm trying to setup a queuing system for converting files that users upload. The uploads are pickled to the filesystem and I then use Xron to fire the conversions at regular intervals. Once the conversion is done, I want it added to the ZODB (along with various default methods), but I also need to check whether the user has permission to add files to the place they tried. I'm trying to perform this check when the scheduled conversion takes place as opposed to when the upload takes place, so I capture the username/password of the uploading user and store it in the pickle. Here's my attempt at logging in programmatically: #Get hold of the original upload folder folder = context.restrictedTraverse(qfile.upload_url) #Authenticate with the same acl_users as te original uploader acl_users = folder.acl_users user = acl_users.authenticate(qfile.user, qfile.passw, request={}) user = user.__of__(acl_users) newSecurityManager(None, user) This works up to a point. The user does seem to be logged in and I can then call a ZODB python script that subsequently calls manage_addFolder (amongst other things). However, when the ZODB python script tries to call a method of a product of mine (which adds one of my default methods to the folder made by the aforementioned manage_addFolder), I get the following in my log (line 126 in _doConversion calls my ZODB python script and addPPTindex_html is the method on my product); 2002-07-23 12:53:51,187 ERROR AsyncZlaveClient failed on Qfile '56148' for user 'tim' (tim@sitefusion.co.uk) Traceback (most recent call last): File "D:\Zlave\zope251\lib\python\Products\ZOffice\AsyncZlaveClient\AsyncZlaveCli ent.py", line 126, in _doConversion extension=qfile.extension) File "D:\Zlave\zope251\lib\python\Shared\DC\Scripts\Bindings.py", line 252, in __call__ return self._bindAndExec(args, kw, None) File "D:\Zlave\zope251\lib\python\Shared\DC\Scripts\Bindings.py", line 283, in _bindAndExec return self._exec(bound_data, args, kw) File "D:\Zlave\zope251\lib\python\Products\PythonScripts\PythonScript.py", line 302, in _exec result = apply(f, args, kw) File "Script (Python)", line 37, in addFolderAndFiles File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 58, in guarded_getattr return inst.aq_acquire(name, aq_validate, validate) File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 40, in aq_validate return validate(inst, obj, name, v) File "D:\Zlave\zope251\lib\python\AccessControl\SecurityManager.py", line 83, in validate self._context) File "D:\Zlave\zope251\lib\python\AccessControl\ZopeSecurityPolicy.py", line 200, in validate raise Unauthorized(name, value) Unauthorized: You are not allowed to access addPPTindex_html in this context So, after that long-winded description, my question is... why does the authentication seem to run out when calling a product method when it can call manage_addFolder()? cheers tim