Just a quick question... If I manually add a person to group['admin'] (@admin) does that mean they have admin permissions? Or is that just the name of a group... Just trying to make sure ZAP's new membership mgmt capabilities don't open up another security hole. It's easy to block--just not sure it's needed. Cheers, Dan