"Building an audit system just to be able to point fingers sounds a little over the top."
Not necessarily. In my application we keep history tables out the wazoo because our executives upstairs want to keep track of everything-- especially things concerning money. Fraud prevention is one motive, but we generally just don't trust users to NOT screw things up, even if it is well within their security permissions for them to have performed their action. (we have tons of security restrictions too) Even if we have an employee whose is the certified check printer for our company, it basically comes to down us still not trusting them. And it doesn't always have to be about fraud-- sometimes people will blame our application for screwing up an order, and then we will research and find out it was their own fault. That has nothing to do with permissions really, but just tracking what each user has done to the database. ~Brad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:253433 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4