Hi Laurie, thanks for your quick reply. Yes, that is one option I just tried, but - in my case - it has a major drawback (see below). First, here's what i did: - I created a 'test' role with only the permissions to "access contents information" and "view". - I created the researchers in the root folder and gave them the "test" permission. - I protected the critical dtml and sql methods by making them only accessible to test & manager - assigned people. - Then in their specific subfolders I gave the researchers the *local_role* of a Manager. It works but there is one major drawback in my case. I only quickly checked but in my case the /database researcher was able to call the /bioinformatics/show_management_screen and while he couldn't add Documents in the /bioinformatics directory on that screen (a login box popped up) he could execute the database methods that inserted the various data under the /bioinformatics ID just fine. Did you encounter the same problem? PS.: the bioinformatics staff is working at the European Media Laboratory in Heidelberg, Germany (www.eml.org [careful, those pages are old :-) ]) Greetings, Philipp Robbel -----Original Message-----

Hi Philipp - I'm afraid that I don't think I can help you but am struggling with the same kind of problem - I have different research groups who cannot see each others data, but have shared information/methods that they need to execute in context in their respective groups and projects (which also only some people can see) My method so far is to define a new role that when the user is created they are added to 'LabLoggedIn'. Then this role has the appropriate permissions in the root folder to run the methods that are needed. Then in their own groups or projects they have the appropriate local roles granted (these are defined at the root level). We are working on the assumption that the users wont know enough to hack in but I am trying to do it as though they can. I don't know if this has helped any, but I am struggling through myself! Laurie

PS where is the bioinformatics that you are working with based? I am in the same kind of lab.