ORestricted vs ORole

34 views
Skip to first unread message

David de Sousa Seixas

unread,
Jul 3, 2015, 8:37:02 PM7/3/15
to orient-...@googlegroups.com
Hi

I want to have one part of the graph readable by all users, and some other edges that are exclusive to each user. I had V and E extend orestricted and added to the user's orole a permission to read a class Concept (which extends V and should be visible to all users). However, when I create a Concept vertex, the user's orole is not automatically added to _allowRead, which means they can't see it despite the permissions in his orole. Am I getting this all wrong?

Thanks!

UPDATE: 
I'm using version 2.0.3
I gave the 'student' role the following permissions:

{
    "database.class.Concept": 15,
    "database.class.Unit": 2,
    "database.class.knows": 15
}

and it inherited the role of reader. Then I login with the user Angela_Merkel who has the student role. But when I try to create or update a Concept vertex from that account, I get an exception:

Error: com.orientechnologies.orient.core.exception.OSecurityAccessException: User 'Angela_Merkel' has no the permission to execute the operation 'Update' against the resource: ResourceGeneric [name=CLASS, legacyName=database.class].Concept


... and I'm really at a loss.

Message has been deleted

Luca Garulli

unread,
Jul 4, 2015, 4:29:18 AM7/4/15
to orient-...@googlegroups.com
Did you executed this?

ALTER CLASS V custom onCreate.identityType=role




Best Regards,

Luca Garulli
CEO at Orient Technologies LTD
the Company behind OrientDB

On 4 July 2015 at 02:37, David de Sousa Seixas <david....@gmail.com> wrote:
forgot to mention I'm using v. 2.0.3


sábado, 4 de Julho de 2015 às 01:37:02 UTC+1, David de Sousa Seixas escreveu:
Hi

I want to have one part of the graph readable by all users, and some other edges that are exclusive to each user. I had V and E extend orestricted and added to the user's orole a permission to read a class Concept (which extends V and should be visible to all users). However, when I create a Concept vertex, the user's orole is not automatically added to _allowRead, which means they can't see it despite the permissions in his orole. Am I getting this all wrong?

Thanks!

--

---
You received this message because you are subscribed to the Google Groups "OrientDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orient-databa...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

David de Sousa Seixas

unread,
Jul 4, 2015, 5:49:57 AM7/4/15
to orient-...@googlegroups.com
Yes, but if I do that the role of the creator is added to _allow, not the 'appuser' role, which is the one I'm trying to allow read access. So, basically, 'appuser' should be allowed to view Concept nodes but not create, alter or delete them.
Reply all
Reply to author
Forward
0 new messages