Setting up the security manager on a new repository
If you are creating a new repository, things are quite simple. First create a cdo-server.xml configuration file. The important bit is the highlighted line in the example below:
Enabling the security manager on an exiting repository
Logging into the repository
Modifying the access rights
- The Apache Derby adapter seems to be broken in CDO 4.x. Prefer using H2, which is now the default embedded database.
- Some CDO features, like workspace and CDO projects management, are not yet compatible with the security manager.
- When setting up access right, be aware that ClassPermission doesn't apply to its subtypes, but only the specified class. See bug #399478.
- Be aware that you can apply any change to the security realm, even removing write access to the security realm to all the accounts: handle it with care. See bug 399487.
- Default access rights of User shall be understood as Minimum rights. A user with a default right = READ has al least READ access to any object of the repository. See bug 399486.