Flexibility - how far do you go as a developer?

I recently had a situation where a client turned off a key setting in the administration of their system.

Despite there being *VERY* comprehensive security within this system, all users were given Admin privileges and access to all areas.

So my question is this:

QN: Do you not provide access to these settings at all? Do you wait for a support request to come in to make changes for the client?Undecided

 

Is it worth adding comprehensive security to a system if it's going to be under-utilised?

I am at cross-roads to the way we do things as it is very easy for clients to be lazy and not be strict about security policy in computer programs.

The verdict is out. After your thoughts?