Today I ran into an issue in Zope where even after you delete a role that the permissions associated with that role exist. If a user has that role assigned to them, whatever permissions where last assigned to that role will be available. To test this, I created a test file with the following code: <dtml-if "AUTHENTICATED_USER.has_permission('Set Access Rule',content)"> foo </dtml-if> I chose Set Access Rule as a permission that is not normally associated with a regular user. Testing this page produced no foo because the user does not have access to the "Set Access Rule" permission on the content object (you could pick any Zope Object to test on). Then I created a test role. I assigned that test role to a user. I again tested the output and got nothing. I then gave the test role the permission to "Set Access Rule". Now when the page is reloaded, foo appears. Here is where it gets interesting. After deleting the test role, foo still appears. This means that the role, while supposedly deleted, still exists and is still assigning permissions. Finally, I create a new role with the same name as the test role I created earlier. This new role had the "Set Access Rule" button already selected--indicating in my mind that the role was never really deleted. If I am correct about this, this means that if we create a role and then delete it, we will need to make sure that the role does not exist for any users or they will continue to have the access that they had before. Has anyone else run into this or seen a reported bug similar? (I searched the Zope Bug Collector to no avail). -Jason _______________________________________________ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )