We haven't got to grips with the whole "CLR Integration Security" thing yet. And with SP2, MS took away the ability to grant execute permission on UDA's. The loopwhole is that they didn't take grant execute permission away on the database that the UDA sits in. So by doing GRANT EXECUTE on the entire database for your login, you still can get your login to have permission to execute your UDA without trying to fathom how "CLR Integration Security" works. It's a bit drastic, but it works!