Hello Zopistas: Just wanted to check if this is a bug or a feature: All this following is made programatically with a combination of DTML and python external methods. I add a Role, let's call it "role-1" and I assign it to say "user-1", Later on, programatically I delete "role-1" with a : <dtml-call "manage_defined_roles('Delete Role', REQUEST)"> Having passed the "roles" list in the REQUEST with the "role-1" I want to delete. "role-1" is succesfully deleted from the place (tree level) where it was previously added. Now, it happens that if I view a method which has: <dtml-in "AUTHENTICATED_USER.getRoles()"> <dtml-unless "_.getitem('sequence-item')=='Authenticated'"><b> <dtml-var sequence-item></b><br> </dtml-unless> </dtml-in> It still displays the "role-1" role as one of the assigned roles to the user (the AUTHENTICATED_USER, i.e. "user-1" in this example). How come is "role-1" still assigned to the user even it was deleted (the role).? If I again, manually or programatically add up again "role-1" at the same level it was originally entered, it happens that "user-1" automagically gets "role-1" as one of its assigned roles. Now, the question is: Is this a bug or a feature ? I would have expected Zope, either to: 1.- Do not allow role deletions if there are users with that role assigned. or 2.- Delete the role with no further questions and delete all assignments to any and all users that have that role assigned at role deletion time. or 3.- A more complex combination of validations..... Any comments on the above behavior are appreciated. Thanks and best regards. Felipe Barousse.