I originally removed the IDs as I didn't want the user hacking around trying to find someone else's data. It's the usual use-case I suppose and certainly something that I do whenever I see IDs in the query string. I can check the authorisation of the user in the find() or similar but the @DataModel approach means I don't have to bother with that. Sounds like from http://jira.jboss.com/jira/browse/JBSEAM-1734 that you're looking at removing the @DataModel entirely? JBSEAM-2391 just needs the DataTable populated from a list annotated with @DataModel or am I missing something? Cheers, Damian. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4114605#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...