Hi Chip I t hink you'll definetively will need an auditor, a 2nd person who gives privileges to that. So the only person to create procedure (and connection to production database) will be him.He will know any think is being enable. And of course he will be responsible if some non pr oduction code is being run, or at least will know who did it. I don't know about any o ther idea. I t hink the principle of security, SarBox auditors want is that. I think is definetively interesting, the problem is who pays the DBA auditor. -- //www.freelists.org/webpage/oracle-l