First Class Security Model for Custom Functions

Idea created by Chris Irvine on Nov 17, 2015
    • cristoslc
    • Chris Irvine
    • jbante

    The current two radio buttons for "availability" don't really cut it.


    Providing CFs with the same security treatment that we already have for scripts could mean that one or more privilege sets could be granted the right to edit or even create certain custom functions.


    When a developer practices the principle of least privilege, working on a solution with a non-full-access account, they can not create or enhance custom functions. When working on live systems, my preference is to use a reduced privilege account, escalating to full access only when absolutely necessary. CFs are one area that requires this today, when they really could work similar to script rights.


    This could also be beneficial for people who like to put semi-permanent data into custom functions, aka file-wide configuration constants. The pool of users that should be allowed to edit configuration constants do not necessarily intersect a pool of software developers.