> lfl ** I check to make sure that both of the two new users are in > fact enabled and both are not allowed access to the application. A user is first authenticated, this only means, that "he is he" (by a mean of password, this is done with a browser popup window). Then he is authorized for each action. This happens behind the scenes and in case authorization failed an "access denied" message is presented instead of usual data. Which case is yours? -- DO4-UANIC