There are a couple of issues with the delete permissions, so this idea is a combination of a number of different ideas.
- By default delete permission are enabled in the "Standard Profiles", they should not be - giving delete permission should be a more active task by an administrator.
- Customising the default profiles is not possible, so you need to add a new profile to remove delete privledges.
- In an active system you then need to identify the users to change to this profile, unfortunately there is no report. So its a matter of clicking on each user and changing (easy to make a mistake)
- There is no way to remove the standard profile, so new users may get assigned to the wrong profile quite easily. (As this would be the detault option).
Ultimately it is very difficult to robustly control and remove delete permissions - to address this a couple of things need to be done:-
- make the default profile editable.
- remove delete capabilities from the out of the box profile.
Even with all of this, mistakes can happen, and ultimately there needs to be a capacility to un-delete mistakes (or even malicious actions) which could otherwise risk the survival of a business.
There really needs to be an un-delete capability or a recycling bin (simiar to salesforce) that would allow object that have been deleted to be restored.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.