Augusto, sort of along the same line of thinking as Dave ... play with the user's logon as soon as they login...
Modify your LOGIN VOC item so that it: a) Checks a Data Security flag for that specific user [ @logname = Item ID in DSA.Flags file] b) Open the Cust.Secure.Data file to a named common in a short program if they have clearance c) If they don't have clearance Open the Cust.Skinny.Data file to the same file name in the named Common The named common will follow the user to whatever account they logto (if you log them around in the app or if they can Logto). Downside: You will have to modify the code where you are opening this file in the App, since it will already be opened. BTW - This approach should meet PCI compliance, and others, since you are making a positive grant of access based on the User logon (rather than role based or menu based security). I would check the language of the controlling standard - sometimes they hint at the approach they want you to take. HTH, -Baker <snip> from Dave Another approach is the following: In UniData this could be done by using environment variables, and assigning the variable with different values for some users than for others. For example: F @ENVVAR/PRIVATEFILE D_PRIVATEFILE User "A" (privileged) could have it set to C:\private. User "B" could have it set to "." I don't know how much trouble that is to set up for windows users though. </snip> <snip> Augusto: We need to hide some private data (customer personal data) in order to fit with our Private Data Protection Law. But only for some users, the others, they need to have full access. Our app is complex enough to modify the source code. <snip> ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/