Dieter Maurer wrote:

I am searching documentation for "__guarded_getattr__", "__guarded_setattr__" and friends.

I'm pretty sure that there are no "__guarded_get..." methods. The point of the "__guarded_set..." and "__guarded_del..." methods is to tell the security machinery that a class knows about write security (even though it may ignore it), so go ahead and allow the write by calling the handler. This is necessary because normal Zope security is access-oriented. Write operations are usually protected by disallowing all direct manipulation of attributes and subitems, and controlling access to methods that perform writes. This is why you could do "x = [1,2]; x.pop()" but not "x = [1,2]; del x[1]" in the old Python Methods; __delitem__ was forbidden, but access to pop() was allowed.

Is the following definition correct when I want the dynamic attributes (defined by "__getattr__") to be protected in the same way normal attributes are:

You shouldn't need to do anything special to protect attribute access, unless there's a bad side effect. Normally, secured code fetches the value and then calls validate() on the container, name, value, etc. It makes no difference that your attributes are dynamic, you'll get the same protection. Cheers, Evan @ 4-am