...

How could I do so that only users from a certain IP address will need to authenticate - outsiders? Others - insiders - will not.

Make an anonymous user with no password, and domain set to the IP block you want to consider "inside". See http://www.zope.org/Members/michel/ZB/Security.dtml -- particularly the parts right after Figure 6-1.

Do you mean by anonymous user - role Anonymous, ie no roles? So when IP address is "inside" then user gets Anonyomus role otherwise user must have role? Idea is good but then I must give access for Anonymous which means everybody has access. Which means no IP blocking is done and I'm back where I started from... :( So I thought make two users - "insider" and "outsider" and give "Guest" role. Outsider has password and insider has not. Gave correct domains. And I removed all anonymous access. Still login is required from both. They don't get automatically that role like book says. Sven