1 Reply · Latest reply on Nov 29, 2017 12:45 PM by Sachin Namjoshi

    Hide data from admin (but admin must have development access)

      I think it may be impossible - Which means you always have to trust your admin, even with secret data, about that Admins salary for example....or maybe HR complaints about him (Surely this would be against the law)?



      I've tried all sorts - Application Administration (Aka scoped administration), Delegated development, turning off ACL override for admin, combining application admin with delegated dev, setting 2 roles as "application administrators" then revoking 1 role, etc etc.


      Ultimately though, either;

      1) the admin is locked out of development AND data.

      2) the admin can do development AND see data.


      Either combo is bad. We need "Admin can do development, but can never see the data - I.e. the ACLs are off limits for that table, as is the data - Otherwise the admin could just disable the ACLs, etc then view the data).



      Hope you can help? I will buy you a gallon of beer