>I saw a discussion on another NG and now I'm curiously trying to fill in the holes of my understanding. No one lets me near enough to a server to really learn (break things!)

You got some good detailed replies to this already, but I want to comment on this in general.

Generally, whatever rights you have assigned via the OS, the user will have regardless of the front-end. This is why I use as many database features as possible. These include triggers, default values, constraints and stored procedures. This way, my data integrity is independent of the front end [user] accessing the data.

I use Insert, Update and Delete triggers extensively. My insert triggers in Oracle populate PKs using sequences and other key fields such as Updated_By and Last_Update date. My update triggers also update the Updated_By and Last_Update fields.

If my backend is VFP, I use the similar features of the DBC.

No matter what you do, there will always be at least 1 user who want to access the raw data. So, it pays to put in the effort on the back-end. When you do, the front-end development, if you have a decent framework, is almost mindless. :) See ya at DevCon!

>1. In my FPW2.6 days the tables and the EXE lived on the server together. The user had to have full rights to the directory in order to run the app, so the tables were basically sitting ducks which could be edited in Excel.
>
>2. With a VFP DBC under an NT4 server, rights are still set at the directory level and the tables are still accessible outside the app through ODBC with Access or whatever. Is this correct?
>
>3. With a VFP6 DBC under W2K server, rights can be set at the table level, but a user with rights to the table (which they would have to run the app) can still access the tables outside of the app (as above through ODBC.) Is this correct?
>
>4. With a COM object running under MTS deployed on the server with the data, access to the data can be restricted to the COM "user" only, so this effectively provides security but requires the overhead of MTS. Is this correct?
>
>5. With VFP7 we are supposed to have some database events which will allow a database deployed on an NT4 server where the user has full rights to ask "who wants to know?" when the data is accessed. A user accessing the data through ODBC and Access or whatever would be missing the oIHaveRights object and could be denied access. There is a DevCon session devoted to this one, so I'll get the whole story there.