Hi, I have the following situation: (1) I'd like to use Zope's security model, so I can prevent unauthorized users from accessing contents in subfolders. (2) I want to keep user name and password in a database, not in acl_users folder. (Basically, I would like ZODB to be read-only. So I can't add users into acl_users, I have to add users into my own database.) (3) I don't want to use the pop-up dialog box to enter the user name and password. I want to do it through HTTP form interface. So, what can I do? Is there a way in Python to tap into ZODB Authentication? I mean, I could create a generic user for the purpose of ZODB user authentication, and then activate the ZODB generic user from the HTML authentication. Or is there a way to add a role to the current AUTHENTICATED_USER, dynamically? This problem seems common enough that people have probably addressed it before. Where can I find more information on manipulating Zope's AUTHENTICATED_USER? regards, Hung Jung ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com