Yes, I think that _may_ solve your problem. Try granting only INSERT and UPDATE on the table then grant only SELECT permission on the ID column (I assume it's autoincrementing?) and the user_id column. If you don't make the user_id column visible, how will you ever discover the correct ID to update? (Unless there is only ever 1 record per user_id in which case you won't need an auto_incrementing ID column and you will already know which user_id to update....hmmm....maybe I should think just a bit more before I start typing... :-) )
You only need to expose what would be public knowledge anyway, right? I think your encrypted data will still be protected by the database so long as the invaders do not get ahold of a privileged account. Shawn Green Database Administrator Unimin Corporation - Spruce Pine Todd Charron <[EMAIL PROTECTED]> wrote on 08/30/2004 04:30:24 PM: > Thinking about this some more, it might be possible to achieve what my last > email suggests by allowing select on the primary key column. Or would that > set us back again? Thoughts? > > Todd