Until this change is done, what are the available options to restrict access to the OUser and ORole classes?
If we define a role with no access (not even read) to the OUser and ORole classes and put non-admin users in that role, will those users be able to change their password and other user-related details?

Regards,
Gaurav

On Thu, Mar 6, 2014 at 4:51 PM, Gaurav Dhiman <[email protected]> wrote:
> Thanks Andrey for confirming.
> Created an issue in bug tracker, here is the link -
> https://github.com/orientechnologies/orientdb/issues/2095
>
> Regards,
> Gaurav
>
> On Thursday, March 6, 2014 4:08:00 PM UTC+5:30, Andrey Lomakin wrote:
>>
>> Hi Gaurav,
>> You are right.
>>
>> We have this in the pool of our tasks to complete and I think it even
>> will be good to have in final 1.7 version.
>> Could you kindly create issue in bug tracker to make this possible?
>>
>> On Wed, Mar 5, 2014 at 3:45 PM, Gaurav Dhiman <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> As OUser / ORole are not sub classes of ORestricted, all records of
>>> these classes can be fetched by any system user by default and no record
>>> level access can be restricted for records in these classes. Is that
>>> understanding right? If so, any user of system can see details of other
>>> users (including username and hashed passwords), is that not a security
>>> concern?
>>>
>>> To overcome this, won't it be good if all classes are derived from
>>> ORestricted, including OIdentity. As per my short understanding of OrientDB
>>> security, I think it will be good to have below class structure
>>>
>>> ORestricted --> OIdentity --> OUser
>>> ORestricted --> OIdentity --> ORole
>>> ORestricted --> Other developer defined classes
>>>
>>> Is it advisable to delete the default classes OUser, ORole, OIdentity
>>> and ORestricted and re-create them to arrange them in above structure?
>>> Will OrientDB be still following the security rules?
>>>
>>> Regards,
>>> Gaurav
>>
>> --
>> Best regards,
>> Andrey Lomakin.
>>
>> Orient Technologies
>> the Company behind OrientDB
