Hello, i have a security/viewing concern. I have some Yihaw folders who are not public. I removed the "view" permission on the folder, and trying to get in call the authentication windows. Fine. On my main page, i have the whatsnew, latest and toplevel methods with the skip_unauthorized option within the toplevel dtml-in. If i only have the "view" permission off, the yihaw folder and subfolders are still listed on the toplevel method. If i remove also the "access content" on the yihaw folder , no more listing on toplevel. Fine. But, when i do that, the "latest" method raise the authentication window, and even a manager role fails, it's an autorisation problem on the Catalog. Any idea for solving that ? Thanks in advance. ********* TRACEBACK ********* Unauthorized You are not authorized to access approved. [... SKIP ...] File /zope/2-1-6- clean/lib/python/DocumentTemplate/DT_In.py, line 611, in renderwb (Object: Catalog(bobobase_modification_time=ZopeTime()-14, bobobase_modification_time_usage='range:min', sort_on='bobobase_modification_time', sort_order='reverse')) File /zope/2-1-6- clean/lib/python/DocumentTemplate/DT_With.py, line 148, in render (Object: Catalog.getobject(data_record_id_)) File /zope/2-1-6- clean/lib/python/DocumentTemplate/DT_Util.py, line 329, in eval (Object: _.has_key('approved') and approved or not _.has_key('approved')) (Info: approved) Unauthorized: (see above) -- Didier Georgieff DDAF du Bas-Rhin - Cellule SIG 2, rue des Mineurs 67070 Strasbourg Cedex tél : 03.88.25.20.33 - fax : 03.88.25.20.01 email : [EMAIL PROTECTED] SIT du Bas-Rhin : http://www.bas-rhin.sit.gouv.fr GéoWeb http://sertit10.u-strasbg.fr _______________________________________________ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )