I seem to be having a problem accessing attributes and methods of objects created inside a custom Zope product from python scripts and ZPTs. I am not sure whether this is a misunderstanding of the security access rules described in the Zope Developer's Guide, or perhaps just the wrong way to think about exposing python objects to python scripts and ZPTs. The basic scenario in my product module is this from SomeWhereElse import ObjectA Class MyProduct( Folder.Folder, Persistent, Implicit ) def __init__( self ): self.dataObjects = [] def createAndAddDataObject( self ): self.dataObjects.append( Data( ) ) def getDataObjects( self ): """ return the dara """ return self.dataObjects Class Data: def __init__( self ): self.data = ObjectA() ---------- So not very interesting, and I have skipped all the usual product and _p_changed bits, I'm simply demonstrating the relationship between product class, a custom data class, and classes from SomeWhereElse. in SomeWhereElse, ObjectA creates and holds references to many other Objects of many different classes. The problem is that I can call a method such as getDataObjects from a python script and get back a list of objects of type Data. However I cannot access the attributes or methods of the ".data" attributes of these Data objects. No amount of setting the following in either the Product class or the Data class helps. __allow_access_to_unprotected_subobjects__=1 security = ClassSecurityInfo() security.setDefaultAccess("allow") The only option I feel I have is to explicitly define in Data or MyProduct getters/callers for all the methods and attributes of the classes defined in SomeWhereElse using proxy classes with the appropriate security settings set. This seems a bit cumbersome. Any pointers would be much appreciated. regards Matt