dfwenigma

I have never heard such malarkey in my life. As the article said this is a power play. Much of the enterprise class software out there today - let's face it it's Microsoft .NET technology. That means that permissions of various kinds are possible. .NET apps have literally thousands of user permissions associated with the applications. Adding a user account with 'read-only' access absolutely does not require extensive programming. But if I were a software company - and I've worked for a few like this - the customer controls the environment. The customer controls who gets what access, where and when. This article ends up playing this situation off as if the players are all the same page. I've seldom seen organizations where everyone plays nicely in the sandbox. Let's not assume that the evil-doer here is the vendor. The vendor is legally bound by its contract. The customer is in the driver's seat. It sounds to me like the IT director here has seen which side her bread is buttered on and knows that the auditor is not her boss. I don't blame her. But to say that a .NET app can't generate user id's with read-only access makes me scratch my head. Would it be easy as pie? Probably not. Is it un-doable? Me thinks the Lady she doth protest TOO much. We may have just identified the wrong villain here and I'm thinking that he with the most turf is he with the most to lose. The software company probably has more than one customer and if adding user types were such a huge issue - with 'read-only' access I kind of think that the software company would have had customers who were a bit irate and that we MIGHT just have heard of this before. Since this is the first time - I have some doubts here. Something's rotten in McKinney.