Hi, > A REST controller, assuming it extends the usual MVC controller stuff of > Flow in your case, should be affected by security as usual. OK, that was about as silly as it gets. A typo in my policy |-( Cheers -- Francois Suter Cobweb Development Sarl - http://www.cobweb.ch