how does the indirect permission setting work? this can be found the form that sets up the user roles.
This means, that a user has to have two rights to i.e. write to a table: first the indirect right to write to the table and then the right to execute an object, that itself has the permission to write directly to the table. Sounds weird ? Think about the G/L-Entries. No should be able to write directly to this table to keep the G/L consistent. But a user of the accounting-department has to be able to create entries to that table by posting an invoice. This means, that he has to have the right to write “indirectly” to that table. And he also has to have the right to use the posting-function, that will create the entries.
well i don’t think i will be using that funtionality much.
Sure ? I’m afraid you will need that. Look at the roles that come with the standard. Especially the ones for posting-rights.
Hi jordan, Was in KL last week, nice. Give you a simple example - you gotta make a report/dataport to do something to the GL entries table. Customer forgot to fill in Dept, so he wants you to fill all blank dept codes with some value. When the customer runs the dataport/report with his license, he will not have persmissions, typically, to fiddle with the GL Entry table. So on the dataport/report you would set permissions on the GL Entry table. He has no direct right to touch this table, but the application has. Richard’s right - you WILL face this sometime!
nice to know that you enjoyed KL 
i have tried out what you said, and i realised what you say is true, you WILL difinitely need to use this. tq.