"Phillip J. Eby" wrote: > > IIRC, this stuff got broken by the switch to the new security machinery. > ZopeSecurityPolicy doesn't check 'foo__roles__' on the parent object the > way ZPublisher does/did. Can anyone say why? cheers, Chris PS: Will the new new security stuff (still in proposal stage, IIRC) start checking this stuff again?