While the broader issue of permissions is covered elsewhere, we want to take a moment to re-emphasize an important concern when working with contributions. We strongly discourage deleting financial data transactions as these records have tax and financial auditing implications. Drupal installations can disable the "delete in CiviContribute" and "delete in CiviPledge" permission from all roles to prevent intentional or unintentional deletions.

Joomla 1.6 will have access control capabilities and work is already being done to integrate those tools with CiviCRM's permissioning. If access control is a critical requirement for your organization and you are using Joomla!, begin by looking into what it will take to upgrade your site to Joomla! 1.6 and implement CiviCRM.