We are running a third party application for which the users are granted a role. The role allows the users to update the table applications tables. The problem is that I do not want a user being able to do an update outside of the application. I thought I came up with a solution to this by disabling the role if the the terminal running the application is not one of the servers we expect, i.e. if the connection was via sqlplus from a users PC, the terminal id would not match and I would disable the role. If the user was granted other roles to view the tables, those would remain, just the update role would be disabled. However, I now find that a database "on logon" trigger can not disable a role. The procedure that I was calling from the trigger to do the disable had authid current user but the problem is the trigger. Is there any way to disable a role from a trigger, or is there some other way I can disable the role. We do not want users being able to update tables outside of the application. Jeffrey Beckstrom Database Administrator Greater Cleveland Regional Transit Authority 1240 W. 6th Street Cleveland, Ohio 44113 -- //www.freelists.org/webpage/oracle-l