On Mon, Apr 30, 2012 at 12:51 PM, Paul <paul.a@aandc.org> wrote:
At 05:44 PM 4/30/2012 +0200, Fischer, Katrin wrote:
I really don’t like the idea. I think if you want someone to make changes to the database, you should give them a proper tool and training to do that (outside of Koha).

Respectfully, we might be talking apples and oranges.  *All* staff and many users "make changes to the database" - not fundamental structural changes, but add, modify and delete data records.  And it was the latter point that I raised earlier today.


True, except *all* staff and many users do not have the capability to arbitrarily or otherwise create SQL which modifies and makes changes to the database.
 
You are of course correct that the various options allowed by UPDATE, DELETE, DROP, INSERT, and CREATE *can* modify/damage the structure of your database; but they can also be incredibly useful (see my earlier email that uses UPDATE.)

<snip>
 
The chances of a major catastrophe are much greater if I try and train our cataloguers in the intricacies of MySQL and allow them access to the server room, than if I develop a secure script and make it available on the staff interface -- and that was the only reason I raised it on this list and will implement it on our Koha server. YMMV.

What you are asking to be placed into the main repo is contradictory to security best practices. I would humbly suggest that you do just what you have done/propose to do: modify your local installation to meet your local requirements and security tolerance levels. However, let's leave the main-line code in stricter compliance with the security norms of the larger community.

Having said that, you might consider coding up a custom "tool" and place it in Koha's tools page which does what you want. Then you could follow Koha's typical practices for such db interaction, including adding the proper granular perms to control user access.

Kind Regards,
Chris