Permission-problem or bad design?
Hello list,

I've run into a rather interesting design problem that I don't know how to solve. I'm creating a group calendar (in Plone). There are two kinds of event objects, an Event object and an Event Reference object. They are used in the following way:

Person A organizes a meeting to which he invites persons B and C. He then creates an Event object in his calendar and Event Reference objects in B's and C's calendars. The Event Reference contains all the fields of the event object (marked as read-only) plus two editable fields, one reference field to the original event object and a boolean field (accept/reject). Both the event objects and the reference objects use the same view-page.

So far no problems. Now every event can be either public, semi-public ("busy") or private. This means that even though A has marked the event as semi-public, B and C must have full read-rights to the event. What's more, if B marks his reference as public, visitors must be able to get full read-rights to A's event through B's event reference.

I've figured I'd need some kind of object-based security and not user-based, i.e. instead of giving the B-user rights to A's event I'd give the B-user's event rights to A's event.

Phew. This sure sounds complicated. :-) Perhaps some ASCII art will make it clearer:

[A's calendar]
 |
 +--- Base Event <-+------+---(busy)------> anonymous user *)
                   |      |
               (public)   |
[B's calendar]     |      |
 |                 |      |
 +--- Reference >--+------|---(public) ---> anonymous user **)
                          |
                      (public)
[C's calendar]            |
 |                        |
 +--- Reference >---------+---(private) --> anonymous user ***)

*) Anonymous user has limited rights to A's base event.
**) Anonymous user has full read rights to B's reference, which gets its data from A's base event, to which the anonymous user has limited rights.
***) Anonymous user has no rights at all to C's reference.

I really don't know how to achieve this with the current security model of Zope. Is there a better way to solve this problem? Did you even understand my dilemma?

Thanks,
-Petter-
Petter Holmström
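
An added example, not part of the original post and not Zope or Plone code: a plain-Python model of the access rules described above, where the decision is keyed on the object a visitor arrives through (the base event or a reference) rather than on the visitor. The class and function names, the sample data, and the check that a reference delegates only when the event lists its owner as an invitee are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Vis(Enum):
    PUBLIC = "public"
    BUSY = "busy"          # the post's "semi-public"
    PRIVATE = "private"

@dataclass
class Event:
    owner: str
    title: str
    start: str
    visibility: Vis
    invitees: set = field(default_factory=set)

@dataclass
class Reference:
    owner: str
    target: Event
    visibility: Vis

def project(event, level):
    """Fields exposed at a given level: everything, time only, or nothing."""
    if level is Vis.PUBLIC:
        return {"title": event.title, "start": event.start}
    if level is Vis.BUSY:
        return {"title": "busy", "start": event.start}
    return None

def view(entry, viewer=None):
    """What `viewer` (None = anonymous) may read when arriving via `entry`."""
    event = entry.target if isinstance(entry, Reference) else entry
    # The organizer and the invitees always get full read rights.
    if viewer is not None and (viewer == event.owner or viewer in event.invitees):
        return project(event, Vis.PUBLIC)
    # Assumed safeguard: a reference delegates nothing unless the event
    # itself lists the reference's owner as an invitee.
    if isinstance(entry, Reference) and entry.owner not in event.invitees:
        return None
    # Everyone else is bound by the marking of the object they came through.
    return project(event, entry.visibility)

# Constructed sample data matching the diagram, plus a forged reference by D.
event_a = Event("A", "Budget meeting", "2024-05-02 10:00", Vis.BUSY, {"B", "C"})
ref_b = Reference("B", event_a, Vis.PUBLIC)
ref_c = Reference("C", event_a, Vis.PRIVATE)
ref_d = Reference("D", event_a, Vis.PUBLIC)
```

In this model any invitee can widen exposure of the organizer's event by marking their own reference public, which is exactly the behaviour the post asks for, so the invitee list is the trust boundary to audit.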