In the new security model is it just attributes that are methods that are protected or is it all attributes? For example, I have a lump of text in an Article class which is stored in self.body. Now, would I need body__roles__=None or somethign similar to be able to do: <dtml-var body> ? cheers, Chris