The best practice is my question too, but ive thought about this question a long time ago. I believe the answer is to store user header information. Say you wanted to call several stored procedures but they all require a secret user guid only known at the db level for security sake, then the first procedure would load this secret key into that context, then whichever secure stored procedure you would like to call would have that key ready in memory to work with for that same connection. Today’s world they want you to keep connections open as short as possible, like for a single stored procedure call, then close. This secret key they would tell you to pass up to the program logic and let the program pass the key back to these secure procedures through parameters. But to me if the program logic touches this key, it would lose its extra secure magic. Following me on this?