Hi Erik,

Thanks for the info. I think I've got a handle on it now.

>
>In my security framework, there is a rights table that serves as an intersectoin between user and module. If a certain user has rights to a certain module, he has a record with his username and the module name.
>
>The application startup instanciates a global security object that takes care of user login. (properties determine if login is needed, or the username is grabbed from the OS).
>
>The object has a method called CheckRights that receives a module name as a parameter. It looks in the rights table to see if hte current user has rights to that module and returns and returns .T. or .F.. This way any object in the app can check for rights just by passing the name of the module it is checking. A menu item's SKIP clause might have
>
>!goSecure.CheckRights("Customer")
>
>So if the current user does not have rights to the customer module, the menu item is disabled.
>
>The base class of every object that could be secure has a property called SecurityModule. If it filled out, then that object knows that it must check with the security object before it can show or enable itself. For buttons and databound controls, this is done in the Refresh method. For forms, the init method.