Hello, I wrote a small product to automatically wrap some pages with configurable templates. Now I have a little problem with defining permissions. I defined the role "mitarbeiter" in the management screens, and gave this role all permissions it needs (especially the permission for the management functions of the product). Now, I have a user "test". When assigned to the "Manager" built-in role, it can manage the objects of this product. When assigned to the "mitarbeiter" role, this account cannot manage the objects (it can view the management screens, but whenever calling a method that actually changes something, the login window pops up and asks for username and password. My product class contains the following lines: manage_options = ( {"label": "Contents", "action": "manage_contentForm"}, {"label": "Properties", "action": "manage_editForm"}, {"label": "view", "action": "index_html"}, ) + SimpleItem.SimpleItem.manage_options __ac_permissions__=( ("View management screens", ("manage_editForm", "manage_tabs", "manage_contentForm")), ("Change permissions", ("manage_access",)), ("Manage ZAWiW Pages", ("manage_changePri", "manage_addPart", "manage_changePart", "manage_delPart", "manage_changeTitle", "manage_delTitle", "manage_addLanguage", "manage_delLanguage", "", "index_html", "__call__")), ("View", ('', 'index_html','__call__'))) As I said, the permission to "Manage ZAWiW Pages" is assigned to the mitarbeiter role, as well as all other permissions of this class, and some others (adding Images etc.) If this doesn't clear my problem, I could try to strip it down to a minimal example and post the whole thing then. I use Zope 2.3.3-1 (debian package). Thanks, Markus -- You don't have to be Microsoft to suck... but it helps. (Tim Hammerquist in comp.lang.python)