I've been trying to do implement something similar as well.=20 There is also the option of proxy authentication. In a nutshell, proxy authentication allows you to connect as a regular database user over the deployed username/password deployed on the application server. In this manner, all database operations (roles, auditing, etc.) are applied as if the user had logged in directly. =20 Take a look at: http://download-west.oracle.com/docs/cd/B14117_01/java.101/b10979/proxya .htm#sthref2137 http://asktom.oracle.com/pls/ask/f?p=3D4950:8:18420196747264677761::NO::F= 4 950_P8_DISPLAYID,F4950_P8_CRITERIA:21575905259251 http://www.oracle.com/technology/sample_code/tech/java/sqlj_jdbc/files/9 i_jdbc/OCIMidAuthSample/Readme.html One thing I haven't been able to figure out is how to implement this as a managed connection pool within OC4J. It seems that I need to manage the connection pool within my java application itself. But as I'm pretty new to web applications, I'm probably missing something basic. HTH, Alan Davey > -----Original Message----- > We are fighting the exact same fight. Oracle provides a mechanism > with DBMS_SESSION.set_context and sys_context. However, this is not a > magic bullet. We have a web-based application with pooled > connections. >=20 > ... -- //www.freelists.org/webpage/oracle-l