在OrientDB中用Java创建一个具有最低权限的用户[英] Create a user with Java with lowest rights in OrientDB

本文是小编为大家收集整理的关于在OrientDB中用Java创建一个具有最低权限的用户的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

我以下面的方式创建具有最低权利的用户:

            db.command(new OCommandScript("sql", "insert into orole set name = 'ardaRole', mode = 0")).execute();
            db.command(new OCommandScript("sql", "update orole put rules = 'database.class', 2 where name = 'ardaRole'")).execute();
            db.command(new OCommandScript("sql", "update orole put rules = 'database.function', 2 where name = 'ardaRole'")).execute();
            db.command(new OCommandScript("sql", "update orole put rules = 'database.cluster', 2 where name = 'ardaRole'")).execute();
            db.command(new OCommandScript("sql", "insert into ouser set name = 'arda', password = 'arda', status = 'ACTIVE', roles = (select from ORole where name = 'ardaRole')"))
                    .execute();

效果很好.如果您想检查我的项目中的权利,请查看: http://arda-maps.org:2480使用 arda arda .

因此,我的问题是这些权利仍然允许更改顶点的名称(所以我更改了Love to Lovesd).但这正在杀死整个数据库结构和功能!

那么,我如何才能更限制权利?这真的很糟糕,因为我想让任何人访问数据库.但是没有人能够更改那里的任何内容,只需阅读...必须有一种方法...

推荐答案

似乎在上面的途中起作用.这只是特定用户的错误或暂时更改,并且不会进一步损害数据库.因此代码完全可以.

本文地址:https://www.itbaoku.cn/post/597347.html

问题描述

I create a user with lowest rights in the following way:

            db.command(new OCommandScript("sql", "insert into orole set name = 'ardaRole', mode = 0")).execute();
            db.command(new OCommandScript("sql", "update orole put rules = 'database.class', 2 where name = 'ardaRole'")).execute();
            db.command(new OCommandScript("sql", "update orole put rules = 'database.function', 2 where name = 'ardaRole'")).execute();
            db.command(new OCommandScript("sql", "update orole put rules = 'database.cluster', 2 where name = 'ardaRole'")).execute();
            db.command(new OCommandScript("sql", "insert into ouser set name = 'arda', password = 'arda', status = 'ACTIVE', roles = (select from ORole where name = 'ardaRole')"))
                    .execute();

That works pretty well. If you want to check the rights in my project check out: http://arda-maps.org:2480 with arda arda.

So my issue is that these rights still allow things like changing the name of a vertex (so I changed LOVES to LOVESd). But that is killing the whole database structure and functions!

So how can I restrict the rights even more? This is really bad, because I want to give anyone access to the database. But noone should be able to change anything there just read... There must be a way...

推荐答案

It seems that it works in the way above. This is just a bug or a temporarly change for the specific user and isn't further harming the database. So the code is totally fine.