Andrey, I tried doing it before posting my last message, but as soon as I delete OUser class, all users of DB are gone and thereafter even the logged-in user is not able to do anything (delete OIdentity, re-create OIdentity, OUser and ORole classes).
How can I do it?

Regards,
Gaurav

On Fri, Mar 7, 2014 at 7:59 PM, Andrey Lomakin <[email protected]> wrote:

> You can do the same yourself for your db instance login as root, drop
> class OUser and recreate it, then add existing users records and you will
> have this feature.
>
> On Fri, Mar 7, 2014 at 2:06 PM, Gaurav Dhiman <[email protected]> wrote:
>
>> Till the time, this change is not done, what are the available options to
>> restrict access to OUser and ORole classes?
>>
>> If we define a role with no access (not even read) to OUser and ORole
>> classes and put non-admin users in that role, will those users be able to
>> change their password and other user related details?
>>
>> Regards,
>> Gaurav
>>
>> On Thu, Mar 6, 2014 at 4:51 PM, Gaurav Dhiman <[email protected]> wrote:
>>
>>> Thanks Andrey for confirming.
>>> Created an issue in bug tracker, here is the link -
>>> https://github.com/orientechnologies/orientdb/issues/2095
>>>
>>> Regards,
>>> Gaurav
>>>
>>> On Thursday, March 6, 2014 4:08:00 PM UTC+5:30, Andrey Lomakin wrote:
>>>>
>>>> Hi Gaurav,
>>>> You are right.
>>>>
>>>> We have this in the pool of our tasks to complete and I think it even
>>>> will be good to have in final 1.7 version.
>>>> Could you kindly create issue in bug tracker to make this possible?
>>>>
>>>> On Wed, Mar 5, 2014 at 3:45 PM, Gaurav Dhiman <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> As OUser / ORole are not sub classes of ORestricted, all records of
>>>>> these classes can be fetched by any system user by default and no record
>>>>> level access be restricted for records in these classes. Is that
>>>>> understanding right? If so, any user of system can see details of other
>>>>> users (including username and hashed passwords), is that not a security
>>>>> concern?
>>>>>
>>>>> To overcome this, won't it be good if all classes are derived from
>>>>> ORestricted, including OIdentity. As per my short understanding of
>>>>> OrientDB security, I think it will be good to have below class structure
>>>>>
>>>>> ORestricted --> OIdentity --> OUser
>>>>> ORestricted --> OIdentity --> ORole
>>>>> ORestricted --> Other developer defined classes
>>>>>
>>>>> Is it advisable to delete the default classes OUser, ORole, OIdentity
>>>>> and ORestricted and re-create them to arrange them in above structure?
>>>>> Will OrientDB be still following the security rules?
>>>>>
>>>>> Regards,
>>>>> Gaurav
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "OrientDB" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>>
>>>> --
>>>> Best regards,
>>>> Andrey Lomakin.
>>>>
>>>> Orient Technologies
>>>> the Company behind OrientDB
>
> --
> Best regards,
> Andrey Lomakin.
>
> Orient Technologies
> the Company behind OrientDB
