Hello! Can anyone explain the mechanism under "Define Permissions" tab on ZClasses? I do not understand the screen. Why can I set "Delete Objects" permisson to "Add Site Roots"? Why do I need it? What's worse, I don't understand this explanation: "For ZClass methods, only permissions that are defined for the ZClass are permitted. " I want to protect a DTML Method in a ZClass so that it won't be accessible by Anonimous. Example: I want to protect importRSS method of RSS Channel product. Currently, anyone who discovered the name of the object can call importRSS with any URL, thus cracking my site. And it is easy to discover these objects as any page on the site has view_source link. Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.