idid sometihng like this to prevent access. can be refined as needed this can be called forme a trigger. CREATE OR REPLACE procedure set_t_batch AUTHID CURRENT_USER IS v_sid v$session.sid%TYPE; v_username v$session.USERNAME%TYPE; v_osuser v$session.OSUSER%TYPE; v_program v$session.PROGRAM%TYPE; v_machine v$session.MACHINE%TYPE; BEGIN select sid, username, osuser,program,machine into v_sid, v_username, v_osuser ,v_program,v_machine from v$session where audsid = userenv('sessionid'); DBMS_OUTPUT.put_line (v_sid); DBMS_OUTPUT.put_line (v_username); DBMS_OUTPUT.put_line (v_osuser); DBMS_OUTPUT.put_line (v_program); IF (v_program like 'JDBC%') THEN IF (v_username = 'ABC') THEN dbms_session.set_role('RL_BATCH IDENTIFIED BY abc') ; ELSE NULL; END IF; ELSE NULL; END IF; END set_t_batch; Jeffrey Beckstrom <JBECKSTROM@xxxxxxxxx> wrote: Since I can not disable a role through a logon database trigger, I am seeking help in how to prevent a user from updating tables outside of the third-party application. The user is granted a role which permits update. I can not password protect the role since it is used by the third party application. What are some options. Fine grained access control is not realistic since would have to set it up on every table in the system. Jeffrey Beckstrom Database Administrator Greater Cleveland Regional Transit Authority 1240 W. 6th Street Cleveland, Ohio 44113 -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l