Hi Bill, A dtml method with these lines: <dtml-with "acl_users.getItem('z')"> <dtml-var password> </dtml-with> will show the password, despite that the methode is accessible by anonymous. Members in my site is allowed to use dtml method. How can I prevent them from reading others' properties? Dirksen __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/