...

I think that you have hit it on the head - we're trying *hard* to make Zope harder to fool :^) Try adding the following to your class statement, for example:

class MyClass:

__allow_access_to_unprotected_subobjects__=1

Just a question: Is this documented somewhere.. I've seen some more of these things here and wonder if there's some explanation what exactly has changed in 2.2 and which constants can be used to control these things..

I plan to publish a guide for Product authors Monday that captures the essence of what has changed about the security policy and what product objects need to do to play nicely within it. Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com