[AccessD] Cascade-delete (was: Estimating Help)

Gustav Brock gustav at cactus.dk
Sun Feb 9 12:43:00 CST 2003


Hi John

>>As a general note, it's the responsibility of a trusted user to not pass
>>his/her access to an application to another user granted lower
>>rights to that application and its data.

> That's about like the car company saying "it's the responsibility of the
> driver not to have an accident", when faced with liability for not providing
> safety mechanisms.  Absolutely true, but completely irrelevant.

No, it's not like that. It's like a father passing the car keys to his
twelve-year-old son. That's not the responsibility of the car
manufacturer.

As a user with admin rights you left your application free to use by a
non-skilled user with no admin rights - no developer can prevent that
other than by securing every single operation with some kind of
authorization like a request for a password or a fingerprint. Such a
system is relevant for applications launching nuclear fireworks and the
like but not for the daily work with business applications.

For specific and seldom operations, however, it can be OK; I have seen
an accounting application which asked you to type in D-E-L-E-T-E to
approve you really wanted to delete a financial year and all its data.

Reading Rocky's post on this, it's something like that he's talking
about.

/gustav



