> It would create a load of extra work for maintaining grants and > synonyms and generally complicate build scripts for no benefit that... I agree. We used to enforce the policy of having a data account and a code account. In addition to more work, one annoyance is that whenever a new table is created in the data account, a new grant, and a synonym (if not prefixing "owner." in code and not using "alter session set current_schema") must be created in the code account, but this is sometimes missed. We don't grant "select any table" to the code account. For a long time, I've wished Oracle to allow "grant select,insert,update,delete on <schema> to <grantee>". Yong Huang