As Darshana mentioned, in order to assign roles, a user should have the proper permissions. There shouldn't be any security issue specific only to per user roles.
The reason for per user roles is, we wanted to have per user permissions in ES. As our user manager doesn't support per user permissions yet, we agreed to go with a special per user role to mock that.

/Ruchira

On Wed, May 28, 2014 at 12:41 PM, Darshana Gunawardana <[email protected]> wrote:

> Hi,
>
> On Wed, May 28, 2014 at 12:24 PM, Suneth Ranasinghe <[email protected]> wrote:
>
>> On Wed, May 28, 2014 at 12:23 PM, Suneth Ranasinghe <[email protected]> wrote:
>>
>>> Hi Mobile team,
>>>
>>> Is there any specific reason for creating an internal role per user with
>>> some permissions (Login, Manage, etc.)?
>>>
>>> Since these are internal roles, those were visible to other users, who
>>> would be able to assign others' internal roles to themselves, which causes a
>>> security issue.
>>>
>
> To assign roles, a user should have the "/permission/admin/configure/security"
> permission. So only such privileged users can change others' roles, or
> assign some other roles to themselves.
>
> However, creating internal roles per user does not look right.
>
> Thanks,
>
>>> --
>>> Suneth Ranasinghe
>>> Senior Software Engineer - QA
>>> Mobile: +94717387198
>>>
>>> wso2.com
>>> Lean Enterprise Middleware
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Regards,
>
> Darshana Gunawardana
> Software Engineer
> WSO2 Inc.; http://wso2.com
>
> E-mail: [email protected]
> Mobile: +94718566859
> Lean . Enterprise . Middleware

--
Ruchira Wageesha
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware | http://wso2.com
email: [email protected], blog: http://ruchirawageesha.blogspot.com, mobile: +94 77 5493444
