Shash: > Went ahead and implemented this, works as required. I had to change one > thing, in the Navigate model, to use the model's auth-manager to check > security, rather than Navigate's auth-manager (which is set to > nullauth). CreateDB is now secured, but it still shows up in the Keel > menu when not logged in, or when someone other than root is logged in.
This is one reason I wanted the extra ability to secure a "menu", just for visual appearance. Thanks for cleaning this up! > The reason is that we use the hint "createdb-seq" in the menu, so > Navigate ends up checking auth. for Sequence and not CreateDB. I think, > for now, the simple work around of preventing the display by group works > just fine. In the future, we might create a special auth-manager for > Sequence that actually checks the auth for the model pointed to by the > current step. Good point. In fact, is this a "hole", e.g. can a user not authorized to a model actually execute the model via a sequence? > In summary, two steps to protect and hide CreateDB. After running > CreatedDB initially from the Keel menu, delete the am="nullauth" from > the createdb model's config and restart Keel. This will prevent anybody > but root from running createdb. It will still show up in the Keel menu > as an option, though. To prevent that, the menu entry needs to be > protected in the config to display for root only. > Michael Nash JGlobal Ltd. http://www.jglobal.com Bahamas Commerce and Trade http://www.bahamascommerce.com http://keelframework.org/documentation Keelgroup mailing list [EMAIL PROTECTED] http://lists.keelframework.com/listinfo.cgi/keelgroup-keelframework.com
