We wanted to disable some "Generic Object Services" such as attachment list / create attachment. So certain users are not allowed to see the attachment. We achieved it using SGOS to Substitute standard service class with our own class. then use "CHECK_STATUS" method.
Now everything works fine. The set of users which are not supposed to see these attachments also involves developers. These users have access to debug mode and can change values at run time and change behavior of the class method.
So we remove authorization for changing variable values in debug mode. But this blank ban does not work as in certain cases they need to change values in debug mode.
Can some one advice if we can stop developers from changing values of variable in particular class method? or we need a redesign of our solution?