I did check Dave's post, but there is so much code there without formatting I've got a headache
You are getting the hang of it.
The rights setup in the database is so complex that many others have got a headache and tried and tried as you can see.
It simply ain't so that the rights were in a single table and you just write a simple query to it.
One way to tackle that is to put the SQL trace on and pick the query from the trace.
If you look at the security ERD in tech ref that is a joke. Something more useful is needed.
If you say you cannot get what you want with the suggestions give you will be getting more suggestions.
Martti K.