Zope's fine-grained security model is powerful, but hard to manage. This tool gives the system administrator an overview of the security status of the site, by searching for "exceptions" to the default / acquired behavior. In particular, it flags all objects which meet have any of these criteria:

• Local role assigments;
• Proxy roles;
• Overridden permission mappings;
• Executable ownership which differes from the ownership of the 'aq_parent';
• Owner local roles which don't include the executable owner (leave out System Processes for unowned).

The product includes a screenshot showing a sample report.