> I think that COTS applications always have unique concerns. I should have
> been clearer that this is an in-house built app.
>
> But that's a very interesting scenario and approach. Thanks for sharing
> that. I have two questions. Do you include SELECT in DML, sometimes it is
> and.. If you control INS/UPD/DEL via the view only database, I guess that's
> fine, but do you force selects too?

No, I don't include SELECT in the category of "DML" since it's not Manipulating anything. I can see restricting the tables from which queries are run being a future requirement, but for now SELECT is wide open.

> Second, why choose to not create any other schemas in our production? You're
> attempting to overcome a security deficiency in the prod database, why not
> create the Gatekeeper schema there? Seems like an aesthetic decision more
> than a practical one.

I'm not sure I follow you. The GRANTs are to PUBLIC, which is a special role that cannot be revoked. How would the gatekeeper prevent access other than perhaps a complex web of triggers?

Rich