I've learnt that it's better to use getSecurityManager instead of REQUEST.AUTHENTICATED_USER because it's more secure. Other than that, what is the difference. I fear I've come a across a situation when getSecurityManager() returns nothing where AUTHENTICATED_USER did. I'm currently trying to reproduce the situation but it might involve odd URL usage and it's a bore to have to restart the browser every time. Just hoping someone could give me a quick answer because I don't understand much simply by reading the source. from AccessControl import getSecurityManager class MyProduct(...): def Who(self): #return self.REQUEST.AUTHENTICATED_USER.getUserName() return getSecurityManager().getUser().getUserName() -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com