Hi, On Wed, May 28, 2014 at 12:24 PM, Suneth Ranasinghe <[email protected]> wrote:
> > > > On Wed, May 28, 2014 at 12:23 PM, Suneth Ranasinghe <[email protected]>wrote: > >> Hi Mobile team, >> >> Are there any specific reason for creating internal role per user with >> some permissions. (Login, Manage, etc)? >> >> Since these are internal roles, those were visible to other users and >> would able to assign others internal roles to themselves which causing a >> security issue. >> > To assign roles, user should have "/permission/admin/configure/security" permission. So only such privileged users can change others roles, or assign some other roles to itself. However, creating internal roles per user does not look right.. Thanks, > >> >> >> -- >> Suneth Ranasinghe >> Senior Software Engineer - QA >> Mobile: +94717387198 >> >> wso2.com >> Lean Enterprise Middleware >> > > > > -- > Suneth Ranasinghe > Senior Software Engineer - QA > Mobile: +94717387198 > > wso2.com > Lean Enterprise Middleware > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Regards, *Darshana Gunawardana *Software Engineer WSO2 Inc.; http://wso2.com * E-mail: [email protected] <[email protected]>* *Mobile: +94718566859*Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
