I and my colleagues were discussing today our security system comparing it to Unix file access permissions. And at some point a question arose: are there any use cases when you must restrict access to WRITE only? I would appreciate links to articles or books discussing this particular case of permissions usage.
Yes, we have a service oriented architecture implementing a hospital system, where all actions in each service are audit logged. Those services are allowed to write to the audit log, but not read from it, as that would allow them to potentially see and expose PHI written to the audit log by another service.
Only the audit log service is allowed to read the logs. All other services have write only access.