I had hoped not to have to explain the whole situation, but here is a summary of the requirements.

1) No access to any tables except through our application
2) No hard-named users or roles (no super user accounts)
3) no user names or passwords can be embedded in application or stored on client machine in any way - even encrypted
4) Both Win and SQL authentication must be available

that's most of it. We "solved" it with a single stored procedure that took session ID's and then passed all SQL requests on to sp_executeSQL - worked great until we started pulling permissions back and ran into the problem as described.

>>Chad,
>>
>>Both .NET Data Access and VFP use SP_ExecuteSQL to do their work with SQL Server. Check the profiler and you'll see this.
>
>Ken,
>
>That is true, but that is more internal than what you described you were trying to do. If all you want to do is to limit access to the table except from within your app, you could create a SQL Authentication account that your application uses to connect and then don't add any Windows authentication access for user 'Bob'. Would something like that not work for you?
>
>Chad