[eluser]mdcode[/eluser]
That's got rid of the errors but I think we're getting wires crossed somewhere down the line as a non-admin user can see edit all records.
Information in the session variables user_state and user_dept should never equal false. If either equals 0, it is effectively Admin access to the information (and the page should display. If it's anything else, they can only see/edit the information for their state and department.
If the information in the database does not match user_state or user_dept AND neither equals 0 (Admin access), then the error message should be displayed.
Is that any clearer?