RE: [Zope] Authentication, Anonymous and Public
A user that does not log in, i.e. a user you know nothing about, gets the "Anonymous" role automatically (at least with "acl_users"). A logged-in user may not get the "Anonymous" role.
This does not provide additional security, because this user may simply shut down his browser and access the page again as an anonymous user. On the other hand, it may result in surprises: suddenly (after logging on) I can no longer do things that I was able to do before logging on.
I think, this should be changed.
I agree, and I've said so, many times before ;-)
Chris
Guys - I'm looking at the security code, and the intent is that if 'Anonymous' is in the roles required to access an object, the user is allowed (even though he may not have been given the 'Anonymous' role explicitly). This appears to be the case both in 2.1.x and the new 2.2.x security policy - I've been trying to replicate the problem you are referring to but I must be missing something. My test case was:

o create a user 'test', giving him only 'test_role'
o create a dtml document object with default security (anonymous has 'View' permission)
o give users with 'test_role' 'View mgmt screens' on the dtml document.
o in a new browser, visit doc/manage to force login as 'test' with 'test_role'
o try to view the doc normally ('View' is only given to anonymous), which works as expected

Can you give me a scenario that shows the problem so that I can reproduce it? (walk me through what objects to create, what permissions to give, how to try to access them). This should be done with standard built-in User/UserFolders if possible.

Thanks!

Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com
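The two readings of the role check that this thread is arguing about, as an added example (this is not Zope's code; it is a toy model written for this page). It assumes a flat permission-to-roles mapping per object, acquired from the parent folder when an object has no setting of its own, and reproduces Brian's test case: a user 'test' holding only 'test_role', a document whose 'View' is granted to Anonymous by default, and 'View management screens' granted to 'test_role' on the document. `strict_allowed` is the naive policy (the user must hold a required role explicitly), which would produce the surprise described in the first message; `zope_allowed` is the policy Brian describes, where 'Anonymous' among the required roles lets anyone through. Object names, the `SecuredObject`/`User` classes and the `roles_for` acquisition walk are all assumptions of the example.

```python
"""Toy model of the Zope role check discussed in this thread.

Added example, not Zope's own code.  Assumptions: each object carries a
permission -> roles mapping; an object with no setting for a permission
acquires the setting from its parent (a crude stand-in for Zope's
acquisition); the built-in anonymous user holds only the 'Anonymous' role.
"""

ANONYMOUS = "Anonymous"


class SecuredObject:
    def __init__(self, name, parent=None, roles_of_permission=None):
        self.name = name
        self.parent = parent
        # permission -> set of roles granted that permission on this object
        self.roles_of_permission = roles_of_permission or {}

    def roles_for(self, permission):
        """Return the roles that grant `permission` here, walking up the
        containment chain until some object has an explicit setting."""
        obj = self
        while obj is not None:
            if permission in obj.roles_of_permission:
                return set(obj.roles_of_permission[permission])
            obj = obj.parent
        return set()


class User:
    def __init__(self, name, roles):
        self.name = name
        self.roles = set(roles)


def anonymous_user():
    """The user a request gets when nobody logs in (assumption of the model)."""
    return User("Anonymous User", [ANONYMOUS])


def strict_allowed(user, obj, permission):
    """Naive policy: the user must explicitly hold one of the required roles.
    A logged-in user without 'Anonymous' loses everything granted only to
    Anonymous, which is the surprise the first message complains about."""
    return bool(user.roles & obj.roles_for(permission))


def zope_allowed(user, obj, permission):
    """Policy as Brian describes it: if 'Anonymous' is among the roles that
    grant the permission, any user is allowed, whether or not the user was
    given the 'Anonymous' role; otherwise the user needs one of the roles."""
    required = obj.roles_for(permission)
    if ANONYMOUS in required:
        return True
    return bool(user.roles & required)


def build_test_case():
    """Brian's scenario: default security on the root (View for Anonymous and
    Manager), a doc that only adds 'View management screens' for test_role,
    and a user 'test' holding nothing but test_role."""
    root = SecuredObject("root", roles_of_permission={
        "View": {ANONYMOUS, "Manager"},
        "View management screens": {"Manager"},
    })
    doc = SecuredObject("doc", parent=root, roles_of_permission={
        "View management screens": {"Manager", "test_role"},
    })
    test = User("test", ["test_role"])
    return root, doc, test


def run_scenarios():
    """Evaluate the interesting (user, permission) pairs under both policies."""
    _root, doc, test = build_test_case()
    anon = anonymous_user()
    manage = "View management screens"
    return {
        "anon View doc (strict)": strict_allowed(anon, doc, "View"),
        "test View doc (strict)": strict_allowed(test, doc, "View"),
        "anon View doc (zope)": zope_allowed(anon, doc, "View"),
        "test View doc (zope)": zope_allowed(test, doc, "View"),
        "anon manage doc (zope)": zope_allowed(anon, doc, manage),
        "test manage doc (zope)": zope_allowed(test, doc, manage),
    }


if __name__ == "__main__":
    for label, allowed in run_scenarios().items():
        print(f"{label}: {allowed}")
```

Under the strict policy the logged-in 'test' user can no longer View the document (only Anonymous and Manager hold View, acquired from the root), while under the policy Brian describes both the anonymous user and 'test' can View it, and only 'test' (not the anonymous user) gets the management screen. That is the difference a reproduction would need to show.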
Brian Lloyd wrote:
Can you give me a scenario that shows the problem so that I can reproduce it? (walk me through what objects to create, what permissions to give, how to try to access them). This should be done with standard built-in User/UserFolders if possible.
http://lists.zope.org/pipermail/zope-dev/2000-March/003970.html

I've lost the .zexp but you might be able to UU-unencode it from the archive. If not, let me know and I'll try and re-create it; that said, I think the steps I took to create it are described in the mail...

cheers,

Chris