User 'John' has no the permission to execute the operation 'Read' against the resource: ResourceGeneric [name=DATABASE, legacyName=database].null
Possibly I'm specifying the permissions in a wrong way, but so far I haven't found how to do it correctly; how should I do?
Here is the code:
String db_addr = "plocal:testdb";
OrientGraphNoTx graph = new OrientGraphFactory( db_addr ).getNoTx();
OSecurity security = graph.getRawGraph().getMetadata().getSecurity();
ORole admin = security.getRole( "admin" );
ORole visitor = security.getRole( "Visitor" );
if( visitor == null ) {
visitor = security.createRole( "Visitor", ALLOW_MODES.DENY_ALL_BUT );
visitor.addRule( ORule.ResourceGeneric.COMMAND, "Invoice", ORole.PERMISSION_ALL);
visitor.addRule( ORule.ResourceGeneric.CLASS, "Invoice", ORole.PERMISSION_ALL);
visitor.addRule( ORule.ResourceGeneric.DATABASE, "Invoice", ORole.PERMISSION_ALL);
visitor.addRule( ORule.ResourceGeneric.CLUSTER, "Invoice", ORole.PERMISSION_ALL);
visitor.addRule( ORule.ResourceGeneric.FUNCTION, "Invoice", ORole.PERMISSION_ALL);
visitor.addRule( ORule.ResourceGeneric.SCHEMA, "Invoice", ORole.PERMISSION_ALL);
visitor.addRule( ORule.ResourceGeneric.RECORD_HOOK, "Invoice", ORole.PERMISSION_ALL);
visitor.save();
visitor = visitor.reload();
}
if( security.getUser( "John" ) == null )
security.createUser( "John", "mypwd", visitor );
for( Vertex vertex : graph.getVertices() ) {
graph.removeVertex( vertex );
}
graph.commit();
{
OrientVertex v = graph.addVertex( "class:Invoice" );
v.setProperty("amount", 123 );
v.save();
v = graph.addVertex( "class:Invoice" );
v.setProperty("amount", 456 );
v.save();
}
for( Vertex vertex : graph.getVertices() ) {
System.out.println( vertex );
}
graph.getRawGraph().close();
System.out.println( "=====" );
graph = new OrientGraphFactory( db_addr, "John", "mypwd" ).getNoTx();
for( Vertex vertex : graph.getVerticesOfClass( "Invoice" ) ) {
try {
vertex.setProperty( "testprop", "testval" );
graph.commit();
}
catch( Exception ex ) {
ex.printStackTrace();
}
System.out.println( vertex + ": " + vertex.getProperty( "testprop" ) );
}
graph.getRawGraph().close();
visitor.addRule(ORule.ResourceGeneric.DATABASE, null, ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.SCHEMA, null, ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.CLASS, null, ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.COMMAND, null, ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.RECORD_HOOK, null, ORole.PERMISSION_READ);
visitor.addRule(ORule.ResourceGeneric.FUNCTION, null, ORole.PERMISSION_READ);
--
---
You received this message because you are subscribed to the Google Groups "OrientDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orient-databa...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.