> Permissions, sure. Perhaps I've missed something essential,
> but why does user B have any access to user A's data at all?
> As long as they have different user names there's no reason
> they should be able to see each other's data, let alone
> destroy it.

From my initial description I'm not worried about user B as they are a
standard everyday user who can just about use a PC, but user A is a
developer who knows firebird/interbase and would therfore be able to get
hold of user B records by bringing up a console and manually write scripts.

> Even if they share tables, separate permissions can be
> enforced with views.

My point is that if the user knows the SYSDBA password then they can see
everything. If they don't know the password they can setup a separate
interbase server where they know the SYSDBA password and access the database
from that server as SYSDBA. OR am I missing what you are saying. Can I
actually setup permissions in such a away that not even the SYSDBA can
access the data?

This brings me onto my next topic of conversation (which I'll start a new
thread for as I can see it being quite topical), deployment to a machine
where interbase is already installed.

> Encryption is a problem - first, because secure encryption
> is very expensive and insecure encryption is ... well ...
> insecure.

This is very true but I can't see another way of doing this.

Regards,
Marcus.