I have select and update roles on all application tables, subdivided by functional area where possible, and grant those roles to developers. I regularly extract granted privileges (and other metadata) from the development and test environments using dbms_metadata so that I can easily recreate privileges (and passwords) after a development/test database is refreshed from production. In some environments I need to grant "drop any table" so that they can do a truncate. In that case I use a trigger on the drop command to prevent developers to actually drop any but their own tables. Quoting Jeffrey Beckstrom <JBECKSTROM@xxxxxxxxx>: > Wondering what other people do in granting privileges to developers in > non-production. Do you grant system (update any table) privilege or > privilege to the individual tables. > -- regards Wolfgang Breitling Oracle 7,8,8i,9i OCP DBA Centrex Consulting Corporation www.centrexcc.com -- //www.freelists.org/webpage/oracle-l