Thanks Luca, that helped. It was easy one but did not strike me :-) Regards, Gaurav
On Sat, Mar 8, 2014 at 6:36 AM, Luca Garulli <[email protected]> wrote: > Hi, > Have you already tried just: > > Alter class OUser superclass ORestricted > > ? > > Lvc@ > > Sent from Mobile device > Il 08/mar/2014 02:11 "Gaurav Dhiman" <[email protected]> ha scritto: > > Hi Andrey, >> >> I was logged-in as root user (server user), but as explained earlier >> after deleting OUser class, things do not work. >> Attached are the snapshots for your reference. Do you have any >> suggestions ? Thanks for helping out ! >> >> Best Regards, >> Gaurav >> >> >> >> On Fri, Mar 7, 2014 at 8:15 PM, Andrey Lomakin >> <[email protected]>wrote: >> >>> That is because you are not logged in as root on server. >>> I mean root user from server configuration xml. >>> >>> >>> On Fri, Mar 7, 2014 at 4:43 PM, Gaurav Dhiman <[email protected]>wrote: >>> >>>> Andrey, I tried doing it before posting my last message, but as soon as >>>> I delete OUser class, all users of DB are gone and thereafter even the >>>> logged-in user is not able to do anything (delete OIdentity, re-create >>>> OIdentity, OUser and ORole classes). >>>> >>>> How can I do it ? >>>> >>>> Regards, >>>> Gaurav >>>> >>>> >>>> >>>> >>>> On Fri, Mar 7, 2014 at 7:59 PM, Andrey Lomakin < >>>> [email protected]> wrote: >>>> >>>>> You can do the same yourself for your db instance login as root, drop >>>>> class OUser and recreate it, then add existing users records and you will >>>>> have this feature. >>>>> >>>>> >>>>> On Fri, Mar 7, 2014 at 2:06 PM, Gaurav Dhiman >>>>> <[email protected]>wrote: >>>>> >>>>>> Till the time, this change is not done, what are the available >>>>>> options to restrict access to OUser and ORole classes ? >>>>>> >>>>>> If we define a role with no access (not even read) to OUser and ORole >>>>>> classes and put non-admin users in that role, will those users be able to >>>>>> change their password and other user related details ? >>>>>> >>>>>> Regards, >>>>>> Gaurav >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Thu, Mar 6, 2014 at 4:51 PM, Gaurav Dhiman >>>>>> <[email protected]>wrote: >>>>>> >>>>>>> Thanks Andrey for confirming. >>>>>>> Created an issue in bug tracker, here is the link - >>>>>>> https://github.com/orientechnologies/orientdb/issues/2095 >>>>>>> >>>>>>> Regards, >>>>>>> Gaurav >>>>>>> >>>>>>> >>>>>>> On Thursday, March 6, 2014 4:08:00 PM UTC+5:30, Andrey Lomakin wrote: >>>>>>>> >>>>>>>> Hi Gaurav, >>>>>>>> You are right. >>>>>>>> >>>>>>>> We have this in the pool of our tasks to complete and I think it >>>>>>>> even will be good to have in final 1.7 version. >>>>>>>> Could you kindly create issue in bug tracker to make this possible ? >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Mar 5, 2014 at 3:45 PM, Gaurav Dhiman <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> As OUser / ORole are not sub classes of ORestricted, all records >>>>>>>>> of these classes can be fetched by any system user by default and no >>>>>>>>> record >>>>>>>>> level access be restricted for records in these classes. Is that >>>>>>>>> understanding right ? If so, any user of system can see details of >>>>>>>>> other >>>>>>>>> users (including username and hashed passwords), is that not a >>>>>>>>> security >>>>>>>>> concern ? >>>>>>>>> >>>>>>>>> To overcome this, wont it be good if all classes are derived from >>>>>>>>> ORestricted, including OIdentity. As per my short understanding of >>>>>>>>> OrientDB >>>>>>>>> security, I think it will be good to have below class structure >>>>>>>>> >>>>>>>>> ORestricted --> OIdentity --> OUser >>>>>>>>> ORestricted --> OIdentity --> ORole >>>>>>>>> ORestricted --> Other developer defined classes >>>>>>>>> >>>>>>>>> Is it advisable to delete the default classes OUser, ORole, >>>>>>>>> OIdentity and ORestricted and re-create them to arrange them in above >>>>>>>>> structure ? Will OrientDB be still following the security rules ? >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Gaurav >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> --- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "OrientDB" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Best regards, >>>>>>>> Andrey Lomakin. >>>>>>>> >>>>>>>> Orient Technologies >>>>>>>> the Company behind OrientDB >>>>>>>> >>>>>>>> -- >>>>>>> >>>>>>> --- >>>>>>> You received this message because you are subscribed to a topic in >>>>>>> the Google Groups "OrientDB" group. >>>>>>> To unsubscribe from this topic, visit >>>>>>> https://groups.google.com/d/topic/orient-database/M-4-DXJ2gcg/unsubscribe >>>>>>> . >>>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>>> [email protected]. >>>>>>> >>>>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "OrientDB" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Best regards, >>>>> Andrey Lomakin. >>>>> >>>>> Orient Technologies >>>>> the Company behind OrientDB >>>>> >>>>> -- >>>>> >>>>> --- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "OrientDB" group. >>>>> To unsubscribe from this topic, visit >>>>> https://groups.google.com/d/topic/orient-database/M-4-DXJ2gcg/unsubscribe >>>>> . >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "OrientDB" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> Best regards, >>> Andrey Lomakin. >>> >>> Orient Technologies >>> the Company behind OrientDB >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "OrientDB" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/orient-database/M-4-DXJ2gcg/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "OrientDB" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "OrientDB" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/orient-database/M-4-DXJ2gcg/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
