Quote:Rather than debate intentions, why not provide the feature that is requested and let the developers decide how to use it?
We're not generally debating intentions. Bharat specifically mentioned this in terms of a disgruntled employee. Our point was that preventing deletes while still allowing edits does not protect you from the type of subtle damage which can be inflicted by a disgruntled employee. If deleting a single record is difficult to detect, someone maliciously changing the content of notes on customer conversations or altering invoice dates is almost impossible.
We have a carefully designed security model based on the tried-and-true read/write/execute model used by operating systems for over three decades. One of the core tenets of this is "If you don't want someone to do damage, don't let them write."
Our security model is capable of expanding well beyond Q&A's. We hear that this particular feature is important to some of you. If it is important to enough of you, we will look into how best to fit it into Sesame's overall design, whether through an SBasic event, an SBasic settable flag or an appropriate slot in the security model. This type of feature, however, is much more high impact than simply writing a new SBasic command. It needs to be considered carefully in terms of its effect on the whole. It's not something we can just drop in, nor does something count as "not a new feature" just because Q&A had it. Every feature we share with Q&A, we wrote from scratch. The security model is not something we followed directly. We went for something that, in the long run, is far more consistent and expandable.