I propose that a default application role be specified, which would be used to determine access permissions for, i.e., email notifications to email addresses, periodic and timestamp-triggered workflow actions, etc.: anywhere that access permissions currently default to the access permissions of the application owner.
I tend to use the application owner account as a development account. Whenever I'm doing development, I switch roles around quite a bit to test how things look and operate in the system under different roles. As I understand it, this will actually have an effect on the above situations. Email notifications to email addresses will be sent using the wrong permissions, workflow actions will execute using the wrong permissions, etc.
I'm particularly concerned about time-triggered workflow actions. In several places I have workflow actions set up which depend on having particular data access. If they happened to run when the application owner account was testing one of the user roles, these workflow actions would fail.
I think it would be safer if I could simply specify a role to use as the default, whenever a user context is not available.