What is “Root Access”?

This a shorthand term we’re going to use to mean “access to the main execution process of the application.”

For example: a .NET MVC application is a set of source code that is compiled, deployed to an environment, then launched inside a computational process. The source code has total access to everything in this process.

Changing the logic of how this code executes would require changing or adding to it – and accepting that those changes have complete access to everything the process can access, redeploying to the environment, and restarting the computational process.

Developers do this as a matter of course, and its accepted that a developer working on the source code of an application has “Root Access” to all the resources of that application.

The alternative to “root access” would be…"controlled access” (?). This is a level of computational ability that limits the resources available – it limits the data that can be read or written, or the computational power that can be used, in order to protect the integrity of the application as a whole.

For example, templating code usually runs as controlled access. A template developer can use a language like Liquid in a Turing-complete manner, but the Liquid code can only operate on values and functions made available to it, thus limiting what the template developer can do. A catastrophic error can occur in Liquid code, and this can be caught and handled by the main application without any negative effects. The Liquid code executes in a “sandbox.”

The word “sandbox” implies a “safe space” where code can’t hurt anything (perhaps “rubber room” would be a better term?). The analogy comes from a child playing in a sandbox, where can do whatever they want, provided they don’t leave the sandbox, and they only interact with things that we specifically put in the sandbox.

The entire concept of user extensible software boils down to transferring selected functionality from root access to controlled access – effectively “sandboxing” functionality in order to allow users to safely modify how an application functions.