Making effective macro control polices is hard. Imagine a technical writer at a software firm who has to do a fact sheet for the company website, referring to some (confidential) design documents. One would want to remove the ability to connect to outside websites from the confidential documents (to prevent information leaks) while allowing an upload of the HTML code to the company external website.
Sorry, but I don't see what this example has to do with macros, unless you assume everything the technical writer does has to be mediated by the document macros, which would be just silly. The updating of the web sites are probably managed by some content management systems, having their own more or less friendly web interfaces (so it is no sweat for the writer to enter the document there when done), and enforcing their own security rules. I don't think anyone would trust information leak prevention based just on the document macros!
What I have mostly seen macroes being used (in the bowels of a large corporation) is in Excel-based apps, for example for creating a travel expenses invoice or a request for a new PC. These applets typically do not need external access. When they do, it would not harm usability if they asked. Something like a box saying "Macro send_travel_invoice requests to upload emp1234.odf to travels.mycompany.com. Allow? [Yes] [No] [Abort]". The box should come from the core of the application and be visually formatted in a way that no macro can replicate.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds