We saw in Chapter 1 that data is an important resource, so access to this resource must be controlled and clearly documented. As each piece of data originates, the responsibility for data entry must be clearly established. After the data has made its way into the database, policies must be in place to control access to it, and these policies are implemented by MySQL's privileges and the use of views.
We should determine who in the enterprise—in terms of a person's name or a function name—is responsible for each data element. This should then be documented and a good place to do so is directly in the database structure. An alternative would be to document data responsibility on paper, but information on paper can be easily lost and has a tendency to become obsolete quickly.
In some cases, there will be a primary source and an approbation-level source. Both should be documented this—helps for
application design, when screens have to reflect the chain of authority...