I had to essentially roll my own brand of security after converting from 2003 to 2007. The trick here is to be sure you make it a real pain in the toches for anyone to see the database window. Then let them do things through forms with data controls and command buttons. Then and ONLY then will you have adequate control over what your users see. If your prior security scheme depended on MDW security to prevent folks from seeing things, i.e. they can see the database window but MDW "hid"things from your users, you will have a long conversion road ahead of you.