>>The client has to have access to the PK to operate normally anyway, I don't >>see how that's a hurdle.

Usually in a delete SP a primary key is passed in to identify the record to delete. How is someone up to no good gonna get that info? Client applications hide this kind of information or at least they should.

>>Not admin priveleges, but discovery priveleges to be sure. SQL allows pretty >>granular access to its resources, and access to SP discovery can be >>restricted, but my point is that this stuff is not as secret as you might >>think.

I see.

>>How are they going to access a table directly if they don't have the username >>and password for an account with these priveleges?

The trouble is it can be had.

>>Again, this is anecdotal evidence which does absolutely nothing to argue the >>anti-RV sentiment.

Like I said, its not all about performance.

Regards,
Charlie