>You give IUSER_MyObject access to the directory where the files are.
>Now you give Joe User access to your Object by NOT to your files.
>
>Of course, if they are just going to be querying data, won't just giving them Read Access only to the files do it?

Yes giving them Read Only Access would do it. But the VFP app will probably have a long life, and the integrity of the data (which is rule intensive) is pretty crucial to the app running smoothly & happily ever after. So I'm thinking long term here - If I put my rules in a table fine & dandy, I got my 3 tiers nice and clean so long as the Read Only access never changes. And sure, I could do some power coding to put a little padding around that weak spot of ensuring RO access. But I see that as a lame cop out of making sure my data is always secure for the life of my app (no matter how long that is).

I guess what I'm getting at is I wouldnt want to adopt an implementation approach using a Rules Table validation technique unless I knew for sure that the real data tables in my dbc were just as protected as they would be using dbc field rules - no matter what network user rights happen to be.