Hi: In an attempt to solve the very same problem (Get a list of all users with certain role) I created an external method. It walks up the acquisition path, at each level checking the existing acl_users (if it exists) for all users with the role. I can't say this it is the best way to do it, but it worked for me. Here's the code: ============================== from App.Common import aq_base def getUserIdsWithRole(self, role): "Get all userids having a role. Local roles on self are considered too." item=self dict={} while 1: if hasattr(aq_base(item), 'acl_users') and hasattr(item.acl_users, 'user_names'): for user in item.acl_users.getUsers(): if user.has_role(role, object=self): dict[user.getUserName()]=1 if not hasattr(item, 'aq_parent'): break item=item.aq_parent keys=dict.keys() keys.sort() return keys ============================== Hope this helps, Shalabh Geoff Gardiner wrote:

I want to show all users who have certain roles / and or permissions (Zope 2.1.6). I can't see how to do this directly, because I can't see how to get hold of user objects, which I need to carry out has_permission, etc., methods.

I can show the userids of all valid users:

<dtml-in get_valid_userids> <dtml-let uid=sequence-item> <dtml-var uid><br> </dtml-let> </dtml-in>

but I can't get all actual user objects because getUsers is a method valid only for an identified User folder, and doesn't have acquisition.

Should I just go in and code a new get_valid_users in the style of get_valid_userids, or is there another way? Perhaps there would be a security implication (I can't think what) but that's not a major issue for me at the moment.

Thank you, Geoff