[Zope] tracing permission settings

[Roy Mathew]

Folks,

When configuring a site with various roles and permissions, I often run into
the following scenario:

I have a user logged in with a somewhat restricted role (eg:
Authenticated) that is not allowed access to certain resources, and he
gets a login box popup.

What I would like is for a way to tell exactly which resource needs
the elevated permission, so I can simply go fix it.

What techniques are possible here?  Is there a debug setting/logging
for a "permission denied" resource?

Thanks,
Roy.