Hi, a) I have problems with your conception of roles in your RBAC scheme. Normally in RBAC[1] a subject can execute a transaction if the currently active roles of the user allow this. You require that the user should have all of the roles that are currently associated with the library. This makes simple things difficult and complicated things impossible. My policy should be: each user can do everything with his own dataset. the group of a user can access (view and push it to history) the library. a group of bioinformaticians can do everything with allmost all libraries. How would you implement this in your sheme which requires "all of the roles"? Would I have to create a new role for each combination of user/group/bioinformaticians? If you would require just "one of the roles", you would simply add 1) the user as a role to the lib (for everything) 2) the group the user is in as a role to the lib (for pushing to history + view if this is implemented) 3) the bioinformatician group as a role to the lib (for everything) b) An important permission would be to be able to view the item. I played around (maybe not enough) but could not find a way to really hide an item (library, folder, dataset) from the view. c) The little arrow pointing down to bring up the context-menu is very small. It would be helpful if you could maybe make it bigger or turn it into a button. thank you very much, Ido [1] http://csrc.nist.gov/groups/SNS/rbac/documents/Role_Based_Access_Control-199...