hi scott,

i havent tested this, but it's possible you can do your permission testing in SQL using a single filtered query. If the table with the protocols has a container column, LabKey may even do this filtering for you. Otherwise, perhaps you could join the source table to core.containers, then filter on 'container/name is not null' (b/c LabKey would not allow the user to view any records on core.containers where they dont have read permission). not sure if it would work in your case, but something that might be worth considering.