Skip to main content
Jump to: navigation, search

Difference between revisions of "CDO/Security Manager"

< CDO
(New page: __TOC__ == Setting up the security manager on a new repository == If you are creating a new repository, things are quite simple. First create a cdo-server.xml configuration file. The imp...)
 
Line 19: Line 19:
 
* The Apache Derby adapter seems to be broken in CDO 4.x. Prefer using H2, which is now the default embedded database.
 
* The Apache Derby adapter seems to be broken in CDO 4.x. Prefer using H2, which is now the default embedded database.
 
* Some CDO features, like workspace and CDO projects management, are not yet compatible with the security manager.  
 
* Some CDO features, like workspace and CDO projects management, are not yet compatible with the security manager.  
* When setting up access right, be aware that ClassPermission doesn't apply to its subtypes, but only the specified class. See bug [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399478 #399478].
+
* When setting up access right, be aware that ClassPermission doesn't apply to its subtypes, but only the specified class. See ticket [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399478 #399478].
* Be aware that you can apply any change to the security realm, even removing write access to the security realm to all the accounts: handle it with care. See bug [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399487 399487].
+
* Be aware that you can apply any change to the security realm, even removing write access to the security realm to all the accounts: handle it with care. See ticket [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399487 399487].
* Default access rights of User shall be understood as Minimum rights. A user with a default right = READ has al least READ access to any object of the repository. See bug [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399486 399486].
+
* Default access rights of User shall be understood as Minimum rights. A user with READ default access right has at least READ access to all objects of the repository. See ticket [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399486 399486].
 +
* WRITE access are checked at commit time. It means that if you are using the CDO UI, you can create and modify objects in the editor. Your commit will be entirely rejected when saving. See ticket [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399485 399485].
 +
* Modifications in the security realm done with the CDO editor are not taken into account at commit time by the server. See ticket [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399480 399480].
 +
* There is no mean at the time this tutorial has been written to change passwords through the CDO UI. See ticket [https://bugs.eclipse.org/bugs/show_bug.cgi?id=399306 399306].

Revision as of 15:32, 17 February 2013

Setting up the security manager on a new repository

If you are creating a new repository, things are quite simple. First create a cdo-server.xml configuration file. The important bit is the highlighted line in the example below:

<securityManager

Cdo-server-xml.png

Enabling the security manager on an exiting repository

Logging into the repository

Modifying the access rights

Notes

  • The Apache Derby adapter seems to be broken in CDO 4.x. Prefer using H2, which is now the default embedded database.
  • Some CDO features, like workspace and CDO projects management, are not yet compatible with the security manager.
  • When setting up access right, be aware that ClassPermission doesn't apply to its subtypes, but only the specified class. See ticket #399478.
  • Be aware that you can apply any change to the security realm, even removing write access to the security realm to all the accounts: handle it with care. See ticket 399487.
  • Default access rights of User shall be understood as Minimum rights. A user with READ default access right has at least READ access to all objects of the repository. See ticket 399486.
  • WRITE access are checked at commit time. It means that if you are using the CDO UI, you can create and modify objects in the editor. Your commit will be entirely rejected when saving. See ticket 399485.
  • Modifications in the security realm done with the CDO editor are not taken into account at commit time by the server. See ticket 399480.
  • There is no mean at the time this tutorial has been written to change passwords through the CDO UI. See ticket 399306.

Back to the top