There are some interesting security implications around the issue of granting DML privs on columns. Logon to a database and run this script: drop table gt; create table gt ( last_name varchar2(20), first_name varchar2(20), salary number ) / insert into gt values('Simpson','Homer',100000); insert into gt values('Flintstone','Fred',200000); insert into gt values('Rubble','Barney',300000); commit; grant update(salary) on gt to scott; Now, if Fred Flintstone logs on to the database as scott, he can determine that Barney Rubble is making much more money than he is. If he is patient, he can determine the exact figure. Here's how: begin update js001292.gt set salary = salary where last_name = 'Rubble' and salary >= 300000; dbms_output.put_line('count: ' || sql%rowcount); rollback; end; / Fred now knows that Barney is making at least 100K more than he is. Mr Slate is about to get an earful. -- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist -- //www.freelists.org/webpage/oracle-l