ZPT can't read protected info retrieved by authorized script
Hi,

I'm new to Zope development and I'm quite stuck with the following problem: I'm building a website with Zope, PostgreSQL and exUserFolder. One of the tables of the PostgreSQL DB stores addresses from different website users. I have built a ZSQL method which retrieves users' addresses from that table, taking the user identifier as the input variable. The thing is that I would like to ensure that each user can only read his own addresses.

To accomplish this I have done the following: I have put the ZSQL method in a folder (sql/restricted) where only owners and managers have “access content information” and “view” permissions (my users have member roles). Then I have written a Python script with the “owner” proxy role and the following code:

    request = container.REQUEST
    user = request.AUTHENTICATED_USER
    regs = container.sql.restricted.my_zsql_method(user_id=user.getUserId())

The problem is that when I call this method from a Page Template I get the following error:

    Unauthorized: You are not allowed to access 'attribute1' in this context.

Finally I wrote an external method with the following code:

    # Function name is hypothetical; the post shows only the body.
    def get_user_addresses(self, REQUEST):
        user = REQUEST.AUTHENTICATED_USER
        addresses = self.sql.restricted.my_zsql_method(user_id=user.getUserId())
        # Copy every record into a plain dict so the template only
        # ever sees unprotected Python objects.
        cp_addresses = []
        for address in addresses:
            address_dict = {}
            for key in addresses._schema.keys():
                # Read the field value from the record itself.
                address_dict[key] = address[key]
            cp_addresses.append(address_dict)
        return cp_addresses

and this works. But there MUST be an easier and more efficient way of doing it!!! Does someone know what I'm missing?

Thanks a lot,
Toni.
Toni Vicens