I have common set of resources I want individual clients to access but I also want the clients to supply their own secure contexts. However being something of a Zope newbie I'm a little hazy on how I should implement the security in Zope. I have a folder structure as follows: - Common Common resources (dtml method, images etc. etc.) - Clients - AndyInc - acl_user Folder (Users from AndyInc) - BobCorp - acl_user Folder (Users from BobCorp) I can set 'Authorised' security on the AndyInc and BobCorp folders and then do things like: http://zope/Common/AndyInc/CommonResource and Zope will ask Andy to authorise himself before performing publishing CommonResource in the AndyInc context. http://zope/Common/BobCorp/CommonResource has the same effect only now Bob has to authorise himself. QUESTION: But how do I specify security settings (Roles? Proxy Roles??) so that I can stop users from doing things like: http://zope/Common/AndyInc/BobCorp/CommonResource Where because of the naïve security settings I'm using, Zope will ask Andy to authenticate himself and having done so will grant access to CommonResource but in the BobCorp context. Which is NOT what I want. Do I need to create a new Role for each client folder and then grant that Role to the users authorised by the client folder? Is there a better way? Any help greatly appreciated! Stuart Nicholson Software Engineer. Wireless Data ---------------------------------------------------------------------- The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. Wirelessdata Ltd is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. ----------------------------------------------------------------------