Create a user with Java with minimal rights in OrientDB
I create the least privileged user like this:
db.command(new OCommandScript("sql", "insert into orole set name = 'ardaRole', mode = 0")).execute();
db.command(new OCommandScript("sql", "update orole put rules = 'database.class', 2 where name = 'ardaRole'")).execute();
db.command(new OCommandScript("sql", "update orole put rules = 'database.function', 2 where name = 'ardaRole'")).execute();
db.command(new OCommandScript("sql", "update orole put rules = 'database.cluster', 2 where name = 'ardaRole'")).execute();
db.command(new OCommandScript("sql", "insert into ouser set name = 'arda', password = 'arda', status = 'ACTIVE', roles = (select from ORole where name = 'ardaRole')"))
.execute();
It works really well. If you want to check permissions in my project follow these steps: http://arda-maps.org:2480 with arda arda.
So my problem is that these permissions still allow things like changing the vertex name (which is why I changed LOVES to LOVESd). But it kills all the structure and functionality of the database!
So how can I restrict rights even more? This is very bad because I want to give anyone access to the database. But no one can change anything there, just read ... There must be a way ...
0
kwoxer
source
to share
1 answer
It seems to work as shown above. This is just a bug or temporary change for a specific user and will not damage the database. So the code is totally fine.
0
kwoxer
source
to share