XML I10-003 Exam - Topic 4 Question 14 Discussion

A certain store engages in Internet commerce, managing customer information via XMLDB. Customers register as a user through a webpage, and are allowed to view their own information so they can edit their information themselves through a webpage interface. The store's Web application saves the customer information in an XMLDB, and retrieves data from the XMLDB as necessary. The XML data including customer information is as shown in [CUSTOMER.xml] referenced in a separate window.

The XMLDB account when the Web application connects to the XMLDB is WEBAPP.

A person at the store is in charge of processing payments (access to all registered customer information), and this person's XMLDB account is COUNTER.

A person at the store is in charge of product shipments (access to all registered customer information except for payment information ("payment element")), and this person's XMLDB account is SHIPPER.

Do not consider XMLDB accounts other than those noted above.

Each account authorization in the XMLDB is presently configured as follows: The WEBAPP account has permission to update and view [CUSTOMER xml]

Other accounts have permission to view [CUSTOMER.xml]

Which is the most appropriate method in this situation regarding XMLDB account authorizations'?

Assume that this XMLDB has a view creation function (function to show only certain XML data in response to a certain query)