How about using the common filter functionality: http://web2py.com/books/default/chapter/29/6#Common-filters
db.define_table('t_site', Field('f_contact_email_string', type='string', label=T('Email')), Field('f_organization', type='reference t_organization', notnull = True, label=T('Organization')), common_filter = lambda query: db.t_site.f_contact_email_string == auth. user.email, migrate=settings.migrate) So, when you select from the t_site table, it will only pull records where the f_contact_email_string matches the email of the current logged in user. You could add similar filters to the other table definitions. Note, as is, the query will produce an error when the user is not logged in because auth.user.email will not exist in that case -- so if queries are ever run for non-logged in users, you'll need to accommodate that case. Anthony