When I did TTW development on Zope 2.x I used proxy roles to lock down access to the data, requiring the use of the business logic (which had the correct proxy roles) of my applications (basically it allowed advanced access control from within the business logic). Is this doable with Grok? Is it advisable? Any tips on how I do this?

Regards,
Sebastian