That is because you are not logged in as root on server. I mean root user from server configuration xml.
On Fri, Mar 7, 2014 at 4:43 PM, Gaurav Dhiman <[email protected]> wrote: > Andrey, I tried doing it before posting my last message, but as soon as I > delete OUser class, all users of DB are gone and thereafter even the > logged-in user is not able to do anything (delete OIdentity, re-create > OIdentity, OUser and ORole classes). > > How can I do it ? > > Regards, > Gaurav > > > > > On Fri, Mar 7, 2014 at 7:59 PM, Andrey Lomakin > <[email protected]>wrote: > >> You can do the same yourself for your db instance login as root, drop >> class OUser and recreate it, then add existing users records and you will >> have this feature. >> >> >> On Fri, Mar 7, 2014 at 2:06 PM, Gaurav Dhiman <[email protected]>wrote: >> >>> Till the time, this change is not done, what are the available options >>> to restrict access to OUser and ORole classes ? >>> >>> If we define a role with no access (not even read) to OUser and ORole >>> classes and put non-admin users in that role, will those users be able to >>> change their password and other user related details ? >>> >>> Regards, >>> Gaurav >>> >>> >>> >>> >>> On Thu, Mar 6, 2014 at 4:51 PM, Gaurav Dhiman <[email protected]>wrote: >>> >>>> Thanks Andrey for confirming. >>>> Created an issue in bug tracker, here is the link - >>>> https://github.com/orientechnologies/orientdb/issues/2095 >>>> >>>> Regards, >>>> Gaurav >>>> >>>> >>>> On Thursday, March 6, 2014 4:08:00 PM UTC+5:30, Andrey Lomakin wrote: >>>>> >>>>> Hi Gaurav, >>>>> You are right. >>>>> >>>>> We have this in the pool of our tasks to complete and I think it even >>>>> will be good to have in final 1.7 version. >>>>> Could you kindly create issue in bug tracker to make this possible ? >>>>> >>>>> >>>>> On Wed, Mar 5, 2014 at 3:45 PM, Gaurav Dhiman <[email protected]>wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> As OUser / ORole are not sub classes of ORestricted, all records of >>>>>> these classes can be fetched by any system user by default and no record >>>>>> level access be restricted for records in these classes. Is that >>>>>> understanding right ? If so, any user of system can see details of other >>>>>> users (including username and hashed passwords), is that not a security >>>>>> concern ? >>>>>> >>>>>> To overcome this, wont it be good if all classes are derived from >>>>>> ORestricted, including OIdentity. As per my short understanding of >>>>>> OrientDB >>>>>> security, I think it will be good to have below class structure >>>>>> >>>>>> ORestricted --> OIdentity --> OUser >>>>>> ORestricted --> OIdentity --> ORole >>>>>> ORestricted --> Other developer defined classes >>>>>> >>>>>> Is it advisable to delete the default classes OUser, ORole, OIdentity >>>>>> and ORestricted and re-create them to arrange them in above structure ? >>>>>> Will OrientDB be still following the security rules ? >>>>>> >>>>>> Regards, >>>>>> Gaurav >>>>>> >>>>>> -- >>>>>> >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "OrientDB" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Best regards, >>>>> Andrey Lomakin. >>>>> >>>>> Orient Technologies >>>>> the Company behind OrientDB >>>>> >>>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "OrientDB" group. >>>> To unsubscribe from this topic, visit >>>> https://groups.google.com/d/topic/orient-database/M-4-DXJ2gcg/unsubscribe >>>> . >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected]. >>>> >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "OrientDB" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Best regards, >> Andrey Lomakin. >> >> Orient Technologies >> the Company behind OrientDB >> >> -- >> >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "OrientDB" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/orient-database/M-4-DXJ2gcg/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > > --- > You received this message because you are subscribed to the Google Groups > "OrientDB" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Best regards, Andrey Lomakin. Orient Technologies the Company behind OrientDB -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
