thank you again cphite for coming back...

i can't agree more with your advice of not going by the credentials in the url option..it is definitely a stupid solution..(despite finding in how to do it..) and is a question on the security...

all your statements on giving a group / individual the required access make complete sense..hopefully the emphasis on these things changes their perception..it seems they can't provide a group, the needed access (that application doesn't support it perhaps..it only understands individual accounts)..and have to provide access to all the users individually..but then there's no way out..they have to do it..

hopefully it gets sorted... 🙂

kind regards...