We’re changing the default deletion policy

A while ago, we introduced the ability to better control deletion policies for data. To summarise, if you have two linked sets of data, say companies and contacts, where a contacts belong to companies, you can specify how you want deletions to behave. Either

  1. deleting a company will delete all related contacts
  2. deleting a company will cause contacts to be ‘un-linked’ and become orphans
  3. the system will refuse to delete a company that has linked contacts

Currently the default is 1: deleting a company will delete all related contacts – with suitable warnings of course.

However, having built up experience of how different customer accounts work, we now believe that 3 (refusing to delete) will be a better default, so we propose setting it to that for new relations and also making a one-off change across the board for all existing relations.

This decision has come from data about how customers actually use the system and because over recent years the types of data used in the apps running on agileBase have tended to migrate from the ‘business support’ end of the spectrum to the ‘mission critical’.

In many cases, users hold the very reasonable assumption that the system will protect them against disaster.

Previous work has simplified and clarified warnings, and okay-ing two prompts is necessary to carry out a deletion. Elevated privileges are also necessary to delete more than one record at once. However, from time to time, the odd mistaken deletion is still carried out. This is emphatically not the fault of the user – we’ve all been trained by a multitude of software apps to just click ‘ok’ whenever a prompt is offered without really spending time to read the message. I have myself lost a good handful of email drafts this way when closing them to read other messages for example.

It’s now up to systems to go the extra mile to build in protections against losing data.

That’s why we propose this across-the-board change. You know much better than us which parts of your system are the most important to keep safe. Changing settings per area is really easy for an admin to do, so by erring on the side of caution, we will enable the strongest protection of mission-critical data by default, whilst still letting admins tweak their own systems should users need to be able to make quicker and easier deletions of certain other data.

We’re not going to force this change on any customer though. If you’d like your system to remain as it is, that’s no problem – just contact us and we’ll exclude  the account from this change.

We’ll flick the switch in a week’s time – the week of the 5th of September, once all customers and partners have had a chance to understand what’s happening fully.

Backups

We should point out after the discussion above that a history is kept of all changes and of course data is backed up. However, restoring from a backup is a process that takes time and not losing data in the first place is optimal!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s