On 10.02.2015 18:34, Daniel Staal wrote:
> boris_developer be the owner, as php_script sounds like a web interface,
> and it's usually best not to give web interfaces any permission they don't
> absolutely *need*
You kind of confirming the way I am doing it most of the time. Web is
limited to minimum permissions it particularly uses and the owner is
human user.
> Or the owner should be a specific account set up just to be the owner
That option also come to mind, and seems logical.
Thank you for considerations.
On 10.02.2015 18:55, David G Johnston wrote:
> Maybe a bit of over engineering initially but it's worth considering.
> Slightly simpler is to make the owner role a login role. In either
> case client application users should never be able to get owner
> permissions.
Making LOGIN-less group-role an owner looks complicated to me at least
for now (not even sure I get it completely), but definitely worth
considering. Thank you for sharing.