Jordan, Hopefully you'll get some expert replies. In the meantime, I have a simple suggestion. Have one username for your schema owner. This schema owns all the application's objects. Use other usernames for access. This simple strategy allows you to increase security in a number of ways. When every access method uses the same username, then you can't change the password without telling it again to everyone. If each access method (clients, report viewers, etc.) use different usernames, then when you have a runaway process you can track it to the source more quickly. Dennis Williams