问题
I create a user with lowest rights in the following way:
db.command(new OCommandScript("sql", "insert into orole set name = 'ardaRole', mode = 0")).execute();
db.command(new OCommandScript("sql", "update orole put rules = 'database.class', 2 where name = 'ardaRole'")).execute();
db.command(new OCommandScript("sql", "update orole put rules = 'database.function', 2 where name = 'ardaRole'")).execute();
db.command(new OCommandScript("sql", "update orole put rules = 'database.cluster', 2 where name = 'ardaRole'")).execute();
db.command(new OCommandScript("sql", "insert into ouser set name = 'arda', password = 'arda', status = 'ACTIVE', roles = (select from ORole where name = 'ardaRole')"))
.execute();
That works pretty well. If you want to check the rights in my project check out: http://arda-maps.org:2480 with arda arda.
So my issue is that these rights still allow things like changing the name of a vertex (so I changed LOVES to LOVESd). But that is killing the whole database structure and functions!
So how can I restrict the rights even more? This is really bad, because I want to give anyone access to the database. But noone should be able to change anything there just read... There must be a way...
回答1:
It seems that it works in the way above. This is just a bug or a temporarly change for the specific user and isn't further harming the database. So the code is totally fine.
来源:https://stackoverflow.com/questions/30380909/create-a-user-with-java-with-lowest-rights-in-orientdb