You can do the same yourself for your db instance login as root, drop class OUser and recreate it, then add existing users records and you will have this feature.
On Fri, Mar 7, 2014 at 2:06 PM, Gaurav Dhiman <[email protected]> wrote: > Till the time, this change is not done, what are the available options to > restrict access to OUser and ORole classes ? > > If we define a role with no access (not even read) to OUser and ORole > classes and put non-admin users in that role, will those users be able to > change their password and other user related details ? > > Regards, > Gaurav > > > > > On Thu, Mar 6, 2014 at 4:51 PM, Gaurav Dhiman <[email protected]>wrote: > >> Thanks Andrey for confirming. >> Created an issue in bug tracker, here is the link - >> https://github.com/orientechnologies/orientdb/issues/2095 >> >> Regards, >> Gaurav >> >> >> On Thursday, March 6, 2014 4:08:00 PM UTC+5:30, Andrey Lomakin wrote: >>> >>> Hi Gaurav, >>> You are right. >>> >>> We have this in the pool of our tasks to complete and I think it even >>> will be good to have in final 1.7 version. >>> Could you kindly create issue in bug tracker to make this possible ? >>> >>> >>> On Wed, Mar 5, 2014 at 3:45 PM, Gaurav Dhiman <[email protected]>wrote: >>> >>>> Hi, >>>> >>>> As OUser / ORole are not sub classes of ORestricted, all records of >>>> these classes can be fetched by any system user by default and no record >>>> level access be restricted for records in these classes. Is that >>>> understanding right ? If so, any user of system can see details of other >>>> users (including username and hashed passwords), is that not a security >>>> concern ? >>>> >>>> To overcome this, wont it be good if all classes are derived from >>>> ORestricted, including OIdentity. As per my short understanding of OrientDB >>>> security, I think it will be good to have below class structure >>>> >>>> ORestricted --> OIdentity --> OUser >>>> ORestricted --> OIdentity --> ORole >>>> ORestricted --> Other developer defined classes >>>> >>>> Is it advisable to delete the default classes OUser, ORole, OIdentity >>>> and ORestricted and re-create them to arrange them in above structure ? >>>> Will OrientDB be still following the security rules ? >>>> >>>> Regards, >>>> Gaurav >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "OrientDB" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>> >>> >>> >>> -- >>> Best regards, >>> Andrey Lomakin. >>> >>> Orient Technologies >>> the Company behind OrientDB >>> >>> -- >> >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "OrientDB" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/orient-database/M-4-DXJ2gcg/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- > > --- > You received this message because you are subscribed to the Google Groups > "OrientDB" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Best regards, Andrey Lomakin. Orient Technologies the Company behind OrientDB -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
