"Access contents information" and SQL Methods; bug?
I have an interesting problem with a part of a site that needs to be limited to privileged editors. Let's call this role "Editor". The problem is, unless I give the "Access contents information" permission to the "Anonymous" role, SQL Method calls are not permitted, even if I give _all_ permissions to the "Editor" role. Isn't that curious?

<!--#var AUTHENTICATED_USER--> equals my editor user (defined in a folder somewhere above the restricted folder), and <!--#var "AUTHENTICATED_USER.getRoles()"--> gives me ['Editor']. Btw, I've disabled acquisition of permissions on the restricted folder.

Unless I give "Access contents information" to "Anonymous", the following traceback is emitted when authentication fails:

    Error Type: Unauthorized
    Error Value: 0
    [...]
    Traceback (innermost last):
      File /usr/src/Zope-2.0.0b1-src/lib/python/ZPublisher/Publish.py, line 256, in publish_module
      File /usr/src/Zope-2.0.0b1-src/lib/python/ZPublisher/Publish.py, line 161, in publish
      File /usr/src/Zope-2.0.0b1-src/lib/python/ZPublisher/mapply.py, line 154, in mapply
        (Object: index_html)
      File /usr/src/Zope-2.0.0b1-src/lib/python/ZPublisher/Publish.py, line 98, in call_object
        (Object: index_html)
      File /usr/src/Zope-2.0.0b1-src/lib/python/OFS/DTMLDocument.py, line 171, in __call__
        (Object: index_html)
      File /usr/src/Zope-2.0.0b1-src/lib/python/OFS/DTMLDocument.py, line 166, in __call__
        (Object: index_html)
      File /usr/src/Zope-2.0.0b1-src/lib/python/DocumentTemplate/DT_String.py, line 502, in __call__
        (Object: index_html)
      File /usr/src/Zope-2.0.0b1-src/lib/python/DocumentTemplate/DT_In.py, line 680, in renderwob
        (Object: SqlTest)
    Unauthorized: (see above)

I experienced the same error with 1.11.0pr1, but I chose not to report it but rather wait until 2.0 to test it out. I've tried setting up a test folder in case it was caused by something in my site; same behaviour. The problem only applies to SQL Methods -- any other permission with any other object/op seems to work as expected.

For now, I'll enable "Access contents information" for the "Anonymous" role, but in the long run I feel this is a bad solution.

--
Alexander Staubo
http://www.mop.no/~alex/
"QED?" said Russell. "It's Latin," said Morgan. "It means, So there you bastard."
--Robert Rankin, _Nostramadus Ate My Hamster_