Hi Gaurav, You are right. We have this in the pool of our tasks to complete and I think it even will be good to have in final 1.7 version. Could you kindly create issue in bug tracker to make this possible ?
On Wed, Mar 5, 2014 at 3:45 PM, Gaurav Dhiman <[email protected]> wrote: > Hi, > > As OUser / ORole are not sub classes of ORestricted, all records of these > classes can be fetched by any system user by default and no record level > access be restricted for records in these classes. Is that understanding > right ? If so, any user of system can see details of other users (including > username and hashed passwords), is that not a security concern ? > > To overcome this, wont it be good if all classes are derived from > ORestricted, including OIdentity. As per my short understanding of OrientDB > security, I think it will be good to have below class structure > > ORestricted --> OIdentity --> OUser > ORestricted --> OIdentity --> ORole > ORestricted --> Other developer defined classes > > Is it advisable to delete the default classes OUser, ORole, OIdentity and > ORestricted and re-create them to arrange them in above structure ? Will > OrientDB be still following the security rules ? > > Regards, > Gaurav > > -- > > --- > You received this message because you are subscribed to the Google Groups > "OrientDB" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- Best regards, Andrey Lomakin. Orient Technologies the Company behind OrientDB -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
