I'm using LoginManager and the loginForm cookie method for security.

I want my login form to use the same standard_html_header, stylesheet and so on as my system.

My hierarchy is

/ Strader StyleSheet acl_Users loginForm

I've denied anonymous access to Strader and so on, but I want the loginForm to be able to load standard_html_header, which in turn references a few things in Strader.

Anyway, my loginForm has this:

    <dtml-with Strader>
    <dtml-var standard_html_header>
    </dtml-with>

I've given the loginForm a proxy role called "Customer". Customer has full access to Strader and everything in it.

It looks like standard_html_header is rendered, but when standard_html_header calls StyleSheet and other objects in the Strader folder, I get the browser login box. Cancelling that shows "access to StyleSheet denied".

It's as if the proxy role assigned to loginForm is discarded by standard_html_header, even though I didn't assign standard_html_header any proxy roles.

Is this a bug, or by design?

--

Also, I see that I have some very strange permissions in my list, looks like an installed product goofed.

I see these single-character permissions:

A C D G Z a d h r s t

Ahh.. Looks like ZGDChart hasn't used a tuple where it should...

Brad Clements, [EMAIL PROTECTED]
(315)268-1000
http://www.murkworks.com
(315)268-9812 Fax
netmeeting: ils://ils.murkworks.com
AOL-IM: BKClements
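
Single-character permissions like the ones listed in the post are what Python produces when a bare string is passed where a tuple of permission names is expected, because iterating a string yields its characters. The following is an added example, not part of the original post and not ZGDChart or Zope code; the permission name and the `register` function are constructed for illustration, with the name chosen so that its letters match the list in the post.

```python
# Added illustration; not ZGDChart or Zope code.
# Constructed permission name (assumption): chosen because its letters
# reproduce the single-character list quoted in the post.
PERMISSION = "Add ZGDCharts"


def register(permissions):
    """Hypothetical registry: stores each item of the sequence it is given."""
    return {name for name in permissions}


def validate_permissions(permissions):
    """Return a tuple of names, rejecting the bare-string mistake."""
    if isinstance(permissions, (str, bytes)):
        raise TypeError(
            "expected a tuple of permission names, got a bare string: %r "
            "(missing trailing comma?)" % (permissions,)
        )
    names = tuple(permissions)
    for name in names:
        if not isinstance(name, str) or len(name.strip()) < 2:
            raise ValueError("implausible permission name: %r" % (name,))
    return names


def suspicious_permissions(registered):
    """Audit an existing permission list for single-character entries."""
    return sorted(n for n in registered if len(n) == 1 and not n.isspace())


if __name__ == "__main__":
    broken = register((PERMISSION))    # parentheses alone: still a str
    fixed = register((PERMISSION,))    # trailing comma: a 1-tuple
    print("broken:", " ".join(suspicious_permissions(broken)))
    print("fixed: ", sorted(fixed))
    try:
        validate_permissions((PERMISSION))
    except TypeError as exc:
        print("rejected:", exc)
```

Running `suspicious_permissions` over the names shown in a role's permission list gives a quick way to spot a product that declared its permissions as a string.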