Hello, I am running through a somewhat weird error. AFAICT, it should not happen. But, well, it does. This involves two folders, an user, a DTML method and a file: / (Zope root folder, which defines 'manager' as Manager) /folder (defines 'Viewer' role) /folder/acl_users (defines 'viewer' user with 'Viewer' role) /folder/method (content is '<dtml-var title_or_id()') /folder/subfolder /folder/subfolder/file All objects belong to "manager". I have defined permissions like this (the one which are not mentioned are default): - '/folder' : "View" and "Access Contents Permission" : does not acquire from parent, only granted to 'Manager' and 'Viewer' roles. - '/folder/subfolder' : as for '/folder'. - '/folder/method' and '/folder/subfolder/file': default (every permission is acquired). When I try to visit http://server/folder/subfolder/file/method as 'viewer', I am asked to authenticate myself, and I am authorized to see the title of the file. Good. But if I unselect the 'Manager' role for the 'View' permission of '/folder/subfolder', user 'viewer' is now unauthorized. Error is: Traceback (innermost last): * Module ZPublisher.Publish, line 101, in publish * Module ZPublisher.mapply, line 88, in mapply * Module ZPublisher.Publish, line 39, in call_object * Module OFS.DTMLMethod, line 130, in __call__ <DTMLMethod instance at 91df560> URL: http://server/folder/method/manage_main Physical Path:/folder/method * Module DocumentTemplate.DT_String, line 474, in __call__ Unauthorized: You are not allowed to access 'title_or_id' \ in this context I do think that it is not supposed to happen. But before digging a little deeper to try to find out where the error comes from, I wanted to be sure. Any clues? I am running a clean install of Zope-2.7.2 and Python2.3. -- Damien Baty - damien@pilotsystems.net Pilot Systems - 66, rue de Provence - 75009 Paris Tel : +33 1 44 53 05 55 - http://www.pilotsystems.net Hébergement Zope et Plone gratuit - http://www.objectis.org