Hi,

> >> When processing events and jobs, the corresponding subject triggering
> >> the event usually gets lost. This leads to event handlers / job
> >> consumers often operating with administrative sessions/resolvers to
> >> do their work, which in turn can lead to privilege escalations.

Is that a good pattern to encourage, i.e. to execute the handlers using the security context of the triggering subject? You could pass the information on a case by case basis, but typically consumers might represent different services than the one triggering the action.

Imagine an indexing service that listens to all modifications. If the user for that service does not have read permissions for certain resources then those should not be indexed when an admin is editing the content.

Marius
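
The indexing scenario in the message above, as an added illustration that is not part of the original thread or of the project's code: the `Session`, `ChangeEvent` and ACL model, the principal names and the paths are all constructed for the example. It compares which resources an indexing consumer would pick up under an administrative session, under the triggering subject's session, and under the consumer's own service user.

```python
from dataclasses import dataclass

# Constructed read ACL: resource path -> principals allowed to read it.
READ_ACL = {
    "/content/public/page": {"admin", "alice", "index-service"},
    "/content/hr/salaries": {"admin"},
}


@dataclass(frozen=True)
class ChangeEvent:
    path: str
    subject: str  # principal whose change triggered the event


class Session:
    """Hypothetical session: a read succeeds only if the ACL allows the principal."""

    def __init__(self, principal, administrative=False):
        self.principal = principal
        self.administrative = administrative  # administrative sessions bypass the ACL

    def can_read(self, path):
        return self.administrative or self.principal in READ_ACL.get(path, set())


def index_events(events, session_for):
    """Return the paths a consumer indexes; session_for(event) picks its session."""
    return [e.path for e in events if session_for(e).can_read(e.path)]


# Constructed sample: an admin edits one public and one restricted resource.
EVENTS = [
    ChangeEvent("/content/public/page", "admin"),
    ChangeEvent("/content/hr/salaries", "admin"),
]


def as_admin(events):
    return index_events(events, lambda e: Session("admin", administrative=True))


def as_triggering_subject(events):
    return index_events(events, lambda e: Session(e.subject))


def as_service_user(events):
    return index_events(events, lambda e: Session("index-service"))


if __name__ == "__main__":
    for mode in (as_admin, as_triggering_subject, as_service_user):
        print(f"{mode.__name__}: {mode(EVENTS)}")
```

With the admin as the triggering subject, the first two modes index the restricted resource; only the service-user mode is bounded by what the indexing service itself may read.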