Hi all, I've been asked to shoehorn a user with "read only" access into a database which wasn't designed to accommodate that. Creating a role with select only on tables and views was easy but I'm struggling with how to handle packaged functions (which allow indirect access to view data). I can't grant execute on the whole package, as it also contains procedures that allow data changes. I could create wrapper packages with only the functions exposed, but that looks like a great big maintenance swamp as this isn't a very stable app and the developers keep on changing the package interfaces. Any easier ideas? (9.2 btw) Thanks - Charlotte --------------------------------- Do you Yahoo!? Jazz up your holiday email with celebrity designs. Learn more. -- //www.freelists.org/webpage/oracle-l