I think it's actually a neat feature. - As Don Seiler says, it gives you an element of control over what the database is connecting to. It is good to know and understand the interfaces that are being used. - When the developers ask for something to be opened, it gives you the opportunity to discuss their approach to make sure it makes sense. On numerous occasions, once I probed a little, I've found they are using a totally inappropriate solution. If they had not had to initiate the contact, we would have implemented sh*t. :) I never do a blanket open all ACL (exception on my play VMs). Cheers Tim...