> Use permissions. The way SQL permissions are implemented is

execrable (they were designed by a committee) but at least, if you
design them carefully, they will give you the best of both worlds:
the intended protection resident on the server, without hard-wiring
any objects to conditions that might change without notice. Then the
client side doesn't need to know the logic, only the user and role
variables.

>
> ./heLen
>

Thank you Helen. Yes this was basically my plan. Based on advise from
another response I am going to scrap the stored proceure plan and
instead modify the View itself and beef it up a bit. My first
implementation was to hard wire it to SYSDBA - just to get things
going as all this is very new to me. The second phase was to remove
SYSDBA and instead query the various permission tables instead so
things are more generic. That is an issue in itself but I think your
book has good examples on how to do that.

cheers,
-randll