Thanks Andrey for confirming. Created an issue in bug tracker, here is the link - https://github.com/orientechnologies/orientdb/issues/2095
Regards,
Gaurav

On Thursday, March 6, 2014 4:08:00 PM UTC+5:30, Andrey Lomakin wrote:
> Hi Gaurav,
> You are right.
>
> We have this in the pool of our tasks to complete and I think it even will
> be good to have in final 1.7 version.
> Could you kindly create issue in bug tracker to make this possible?
>
> On Wed, Mar 5, 2014 at 3:45 PM, Gaurav Dhiman <[email protected]> wrote:
>
>> Hi,
>>
>> As OUser / ORole are not subclasses of ORestricted, all records of these
>> classes can be fetched by any system user by default and no record level
>> access be restricted for records in these classes. Is that understanding
>> right? If so, any user of system can see details of other users (including
>> username and hashed passwords), is that not a security concern?
>>
>> To overcome this, won't it be good if all classes are derived from
>> ORestricted, including OIdentity. As per my short understanding of OrientDB
>> security, I think it will be good to have below class structure
>>
>> ORestricted --> OIdentity --> OUser
>> ORestricted --> OIdentity --> ORole
>> ORestricted --> Other developer defined classes
>>
>> Is it advisable to delete the default classes OUser, ORole, OIdentity and
>> ORestricted and re-create them to arrange them in above structure? Will
>> OrientDB be still following the security rules?
>>
>> Regards,
>> Gaurav
>
> --
> Best regards,
> Andrey Lomakin.
>
> Orient Technologies
> the Company behind OrientDB
