For any other user, I would agree with you about implicit access. But I would think that for root, maybe that would be a good idea to allow it implicit access to everything? I am thinking Unixy here, where they allow root access to everything. Then they guard root access jealously, and often disable root access from everywhere but the console.
Would it be possible to set it up such that root could only log in from localhost, depending on a configuration or runtime setting? Would probably settle most, if not all, security concerns (as in, if it's good enough for the NSA, it's good enough for me).
Regards, Steve
Sasvata (Shash) Chatterjee wrote:
Steve,
You are right, the tables need to be updated for each model that has been changed to SecuredStandardLogEnabledModel. An automatic way would be to add lines like the following to app-security's org.keel.apps.security.models.ComponentSecurity:
 * @persist.record
 *   component="org.keel.models.util.CreateDB"
 *   instance="all"
 *   groupname="root"
 *   alloperationsallowed="Y"
Then, assemble-deploy and run createdb once again.
I think explicit security is better than implicitly allowing root access to everything; it could open up unforeseen holes otherwise.
Another way, instead of adding all the default records in UserComponentSecurity, is to add some default-persistent configuration snippets in each module's system.xconf.
Shash
-- Java/J2EE Developer/Integrator Co-Chair, Dallas/FortWorth J2EE Sig 214-724-7741
