After over a week, I'm obviously still not understanding something about Zope security. Every time I think I've got it, something fails to work as I expect. What I am trying to do (currently) is this: Create a really simple member folder thingy (Place) that lets a person log in and create generic DTML documents, as well as custom documents (Thing), in their space. As I understand it, the basic steps to do this are: 1. Create a new product (PlaceProduct). Inside that, create a Z Class (PlaceClass) with a meta-type "Place". The Z Class has a base class of "Object Manager", since I want it to hold stuff. Set up a "Security" == "manage_access" view inside PlaceClass so I can assign my role later. 2. Back to the Product list, create another new product (ThingProduct). Inside that, create a Z class (ThingClass) with a meta-type "Thing". This has some properties on it, but that is not important for the problem at hand. 3. Inside PlaceClass, set the subobjects to include "DTML Documents", "DTML Methods", and "Thing". 4. At the top-level of Zope, create a new role called "Contrib". Give it these permissions (let me know if any are unnecessary): Access Contents Information Add Documents, Images, and Files **Add Things** Change DTML Documents Change DTML Methods Delete Objects Manage Properties View View Management Screens ** emphasized 5. Set up a user at the top level, but assign it no roles there 6. Elsewhere in the hierarchy, create a "Place". Inside this, I'll have to give the user a local role of "Contrib". Now, as I understand it, the user should be able to enter his username/password to use the management interface for that Place, and should be able to add DTML Documents, DTML Methods, and Things there, delete them, edit their properties, etc. Unfortunately, what actually happens is that the user can create and manipulate DTML Documents and Methods just fine. When the user tries to create a Thing, a new password dialog pops up and refuses to accept the user's name/password. Have I missed a step somewhere, am I just completely off-base about the whole idea, or is something broken? On a completely unrelated topic, does ZServer seem to intermittently vapor lock for anyone besides me? I use the binary installation on Win98, and both 2.1.1 and 2.1.2 have done this. I can't identify anything in particular that causes it. Sometimes I'll just come back to the browser that I was tinkering in (after working on something else for an extended period), try to do something in the management interface, and get no response. Sometimes it'll happen when clicking a link (any link) on the site itself. When this happens I have to kill the DOS window that is running the server, then restart Zope. (I'm not running under Apache or anything like that; just running the start.bat file and using localhost while I learn the program.) - Gregor