- My View
I think it may be impossible - which means you always have to trust your admin, even with secret data, about that admin's salary for example... or maybe HR complaints about him (surely this would be against the law)?
I've tried all sorts - Application Administration (aka scoped administration), Delegated development, turning off ACL override for admin, combining application admin with delegated dev, setting 2 roles as "application administrators" then revoking 1 role, etc. etc.
Ultimately though, either:
1) the admin is locked out of development AND data.
2) the admin can do development AND see data.
Either combo is bad. We need "Admin can do development, but can never see the data" (i.e. the ACLs are off limits for that table, as is the data; otherwise the admin could just disable the ACLs, etc., then view the data).
Hope you can help? I will buy you a gallon of beer.
ACL is still the best option to control visibility for data.
You can trigger notifications or build a reporting mechanism for your stakeholders if admin disables ACL.
We have implemented a similar solution in our instance.
With this solution, we are sure that any ACL updates by admin are reportable and actioned.
Please mark answer as Correct, helpful as appropriate.
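
The reporting approach from the reply above, sketched as an added example (not code from either poster or from the platform): it flags weakening changes to ACLs on a protected table and reports how long each ACL stayed disabled. The table name `hr_case`, the record field names and the sample records are assumptions made for illustration.

```javascript
// Added example: table, field names and records are constructed, not a real audit schema.
const PROTECTED_TABLES = new Set(["hr_case"]); // hypothetical restricted table
// Field changes that weaken an ACL, mapped to the reason sent to stakeholders.
const WEAKENING = new Map([
  ["active", (o, n) => (o === "true" && n === "false" ? "ACL deactivated" : null)],
  ["admin_overrides", (o, n) => (o === "false" && n === "true" ? "admin override enabled" : null)],
  ["condition", (o, n) => (o !== n ? "condition changed" : null)],
  ["script", (o, n) => (o !== n ? "script changed" : null)],
]);

const rec = (ts, user, table, operation, field, oldValue, newValue) =>
  ({ ts, user, table, operation, field, oldValue, newValue });
const sampleAudit = [ // constructed records
  rec("2024-03-01T09:00:00Z", "admin.a", "hr_case", "read", "active", "true", "false"),
  rec("2024-03-01T09:20:00Z", "admin.a", "hr_case", "read", "active", "false", "true"),
  rec("2024-03-01T10:00:00Z", "admin.a", "hr_case", "write", "admin_overrides", "false", "true"),
  rec("2024-03-01T10:05:00Z", "dev.b", "incident", "write", "active", "true", "false"),
  rec("2024-03-01T10:10:00Z", "admin.a", "hr_case", "write", "description", "", "tidy up"),
  rec("2024-03-01T11:00:00Z", "admin.a", "hr_case", "delete", "active", "true", "false"),
];

// One alert per weakening change on a protected table, whoever made it
// (holders of the admin role are not exempt).
function findAclAlerts(records, tables = PROTECTED_TABLES) {
  const alerts = [];
  for (const r of records) {
    const check = tables.has(r.table) ? WEAKENING.get(r.field) : undefined;
    const reason = check ? check(r.oldValue, r.newValue) : null;
    if (reason) alerts.push({ ts: r.ts, user: r.user, acl: `${r.table}.${r.operation}`, reason });
  }
  return alerts;
}

// Pair each deactivation with the next reactivation of the same ACL, giving the
// window in which the table was unprotected; end is null while still disabled.
function exposureWindows(records, tables = PROTECTED_TABLES) {
  const open = new Map(), windows = [];
  const sorted = [...records].sort((a, b) => a.ts.localeCompare(b.ts));
  for (const r of sorted) {
    if (!tables.has(r.table) || r.field !== "active") continue;
    const key = `${r.table}.${r.operation}`;
    if (r.newValue === "false") { if (!open.has(key)) open.set(key, r); continue; }
    const start = open.get(key);
    if (start) windows.push({ acl: key, user: start.user, start: start.ts, end: r.ts });
    open.delete(key);
  }
  for (const [key, r] of open) windows.push({ acl: key, user: r.user, start: r.ts, end: null });
  return windows;
}
console.log(findAclAlerts(sampleAudit), exposureWindows(sampleAudit));
```

The report is only trustworthy if it is delivered somewhere the admin being monitored cannot edit or silence, such as a mailbox or log store outside the instance.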