[Zope] security question

[Brad Crittenden]

hello:

for my zope, the root directory is protected so that anonymous users have no
permissions.  in addition to root, two other users are defined and given the
role 'internal'.  one of the users has a username/password.  the other
allows access based upon IP range.  this works as intended.

i now want to give anonymous users permission to access
/subfolder/index_html.  this dtml method accesses a database and uses
LocalFS.

my first attempt to realize this was to assign the appropriate permissions
to Anonymous for index_html.  when this failed, i went to the /subfolder
security and modified permissions there that seemed relevant.  i tried many
combinations until finally giving up and granting all available permissions
to Anonymous at the /subfolder and /subfolder/index_html levels.  so now,
all permissions are checked for 'acquire' and for 'Anonymous'.

even this does not work!  users attempting to access
http://myzope/subfolder/index_html are greeted with an authentication
dialog.

so, despite the fact that security seems to be a pretty simple concept i
seem to be missing something fundamental.

any insight would be appreciated.

thanks,
bac