• I'm assuming you can't use suser_name() or an equivalent because the application connects using a SQL Server login rather than windows authentication. You could prevent deletes, etc. from occurring outside the stored procedures by adding the users to the db_denydatawriter role and granting them execute on the stored procedures.