Hi Woodie,
>Is it as simple as MODIFY REPORT?
Depends on your security needs. MODIFY REPORTS more or less gives users access to your entire application. Through the dataenvironment they can open any table, with field expressions they can execute any code. Make sure, that MODIFY REPORT is in line with the other security techniques employed in your application. For example, if you encrypt tables, only those should be able to modify a report that have full access to all files, anyway.
Regarding the customization. One common approach is to exclude reports from the application. Put the default reports into a "reports" directory, and store modified reports in a "userreports" directory. Both should have the same parent directory. When you modify a report, you first copy the report into the userreports directory, then let the user modify it. When printing a report, first look for a report in the user directory. If you can't find the report there, use the one in the report directory.
--
Christof