Our preferred method is to have all objects and code in a single schema (DATA OWNER, %_DO) to which the DBA only knows the password. All access is done through DATA ENTRY schemas (%_DE, %_RPT, %_WEB) to which the business users only know the password, and finally there are READ ONLY schemas (_RO) for everyone else.

Data access and read only roles are created to simplify grant management and then a script which reads the role_tab_privs table is run to create synonyms.

This allows duhvelopers access to production data without danger as well as allowing fine grained access to "sensitive" tables.

HTH
Dave
--
Dave Morgan
Senior Consultant, 1001111 Alberta Limited
dave.morgan@xxxxxxxxxxx
403 399 2442
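
One way the role-grant and synonym-generation steps described in the message could be scripted, as an added example that is not the poster's script or part of the original post. The schema, role and table names (APP_DO, APP_RO, APP_RO_ROLE, ORDERS, CUSTOMERS) are hypothetical stand-ins for the %_DO / _RO pattern.

```sql
-- Added example; APP_DO, APP_RO, APP_RO_ROLE and the table names are hypothetical.

-- Part 1 (run as the DBA): object privileges go to a role, never to users.
CREATE ROLE app_ro_role;
GRANT SELECT ON app_do.orders    TO app_ro_role;
GRANT SELECT ON app_do.customers TO app_ro_role;
-- "Sensitive" tables are simply not granted to this role.
GRANT app_ro_role TO app_ro;
-- CREATE SYNONYM only allows private synonyms in the user's own schema.
GRANT CREATE SESSION, CREATE SYNONYM TO app_ro;

-- Part 2 (run connected as APP_RO): create private synonyms for every
-- object reachable through a role, driven by ROLE_TAB_PRIVS.
SET SERVEROUTPUT ON
DECLARE
  l_owner CONSTANT VARCHAR2(128) := 'APP_DO';  -- data-owner schema (assumed name)
  l_sql   VARCHAR2(400);
BEGIN
  FOR r IN (
    SELECT DISTINCT p.owner, p.table_name
      FROM role_tab_privs p
     WHERE p.owner = l_owner
       -- skip names that already have a synonym so the script is re-runnable
       AND NOT EXISTS (SELECT 1
                         FROM user_synonyms s
                        WHERE s.synonym_name = p.table_name)
     ORDER BY p.table_name
  ) LOOP
    -- ENQUOTE_NAME quotes each identifier so an odd object name cannot
    -- change the shape of the generated DDL.
    l_sql := 'CREATE SYNONYM '
          || DBMS_ASSERT.ENQUOTE_NAME(r.table_name, FALSE)
          || ' FOR '
          || DBMS_ASSERT.ENQUOTE_NAME(r.owner, FALSE) || '.'
          || DBMS_ASSERT.ENQUOTE_NAME(r.table_name, FALSE);
    DBMS_OUTPUT.PUT_LINE(l_sql);   -- keep a record of what was created
    EXECUTE IMMEDIATE l_sql;
  END LOOP;
END;
/
```

Because the synonyms are derived from the role's grants, revoking an object from the role and dropping its synonym are the only changes needed to withdraw access; the data-owner password is never involved.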