I've largely been able to ignore most of the Zope security mechanisms until now, but I have this new intranet app that's causing me problems. I have a folder called Reuters that has my application's methods; it has a subfolder called Staging that has documents being reviewed and subsequently published. I need to be able to limit the publishing to specific individuals. I created users in the Users Folder in my Reuters directory. I also created an editor role in my Reuters folder, and gave it what I thought were appropriate permissions, including manage_properties. I assigned the editor role to each of my new users. Users work in the Staging folder. When my users try to publish - which invokes a method that changes properties on documents in the Staging folder and also properties of the Reuters folder, they are prompted to log in by their browser. However, their usernames and passwords do not seem to work, and after 3 tries, they get a Zope error page saying they do not have permission to manage_changeProperties. I don't get it. Any clues? Craig -- Craig Allen - Managing Partner - Mutual Alchemy Web Architecture - http://alchemy.nu _______________________________________________ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )