Hi,

As OUser / ORole are not subclasses of ORestricted, all records of these classes can be fetched by any system user by default, and no record-level access can be restricted for records in these classes. Is that understanding right? If so, any user of the system can see details of other users (including username and hashed passwords). Is that not a security concern?
To overcome this, won't it be good if all classes are derived from ORestricted, including OIdentity? As per my short understanding of OrientDB security, I think it will be good to have the below class structure:

ORestricted --> OIdentity --> OUser
ORestricted --> OIdentity --> ORole
ORestricted --> Other developer defined classes

Is it advisable to delete the default classes OUser, ORole, OIdentity and ORestricted and re-create them to arrange them in the above structure? Will OrientDB still be following the security rules?

Regards,
Gaurav
