Author Topic: Limited user can do a lot from script  (Read 5831 times)

jakson

Limited user can do a lot from script
« on: November 23, 2016, 03:02:36 am »
I have a very limited user that has only two permissions:
- Export XMI
- Generate Documents
He can't remove a package or element in the "standard" way, but he can do it from a script.

How can I block it or (at least) block script execution for that user?

Geert Bellekens

Re: Limited user can do a lot from script
« Reply #1 on: November 23, 2016, 03:16:22 am »
Those are new security rights since v13.

Pre-v13 there is nothing you can do to prevent someone from writing or executing scripts.

Geert

qwerty

Re: Limited user can do a lot from script
« Reply #2 on: November 23, 2016, 09:20:58 am »
With a native SQL client you are still able to ship around any of EA's security features with ease.

q.

jakson

Re: Limited user can do a lot from script
« Reply #3 on: November 23, 2016, 10:01:36 pm »
> With a native SQL client you are still able to ship around any of EA's security features with ease.

How can I prevent a user from executing EA scripts using SQL?

I made these tables read-only (set only SELECT permission):
- t_script
- t_secpolicies
- t_secgroup
- t_secusergroup
- t_secgrouppermission
- t_secuserpermission
but this is the only "MySQL security" I have.
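
An added example, not part of the original post: one way to set up and audit the SELECT-only tables described above on MySQL. The schema name `ea_model` and the account `'modeler'@'%'` are assumptions; the six table names are the ones listed in the post, and all other tables stay writable.

```sql
-- Added example (not from the thread). Assumed names: schema `ea_model`,
-- account 'modeler'@'%'. MySQL privileges are additive and there is no DENY,
-- so a schema-wide write grant overrides "SELECT only" on individual tables.

-- 1. Generate per-table GRANT statements: SELECT only for the six protected
--    tables, read/write for every other base table. Review and run the output
--    after revoking any schema-wide grant the account already holds.
SELECT CONCAT(
         'GRANT SELECT',
         IF(TABLE_NAME IN ('t_script', 't_secpolicies', 't_secgroup',
                           't_secusergroup', 't_secgrouppermission',
                           't_secuserpermission'),
            '', ', INSERT, UPDATE, DELETE'),
         ' ON `', TABLE_SCHEMA, '`.`', TABLE_NAME,
         '` TO ''modeler''@''%'';') AS grant_stmt
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = 'ea_model'
  AND TABLE_TYPE = 'BASE TABLE'
ORDER BY TABLE_NAME;

-- 2. Audit, run as an administrator: lists every privilege other than SELECT
--    that the account holds at global or schema level, or on the six tables.
--    An empty result means no grant at these levels bypasses the restriction.
SELECT 'global' AS scope, '*' AS object, PRIVILEGE_TYPE
FROM information_schema.USER_PRIVILEGES
WHERE GRANTEE = '''modeler''@''%'''
  AND PRIVILEGE_TYPE NOT IN ('USAGE', 'SELECT')
UNION ALL
SELECT 'schema', TABLE_SCHEMA, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE GRANTEE = '''modeler''@''%'''
  AND 'ea_model' LIKE TABLE_SCHEMA   -- schema grants may be wildcard patterns
  AND PRIVILEGE_TYPE <> 'SELECT'
UNION ALL
SELECT 'table', TABLE_NAME, PRIVILEGE_TYPE
FROM information_schema.TABLE_PRIVILEGES
WHERE GRANTEE = '''modeler''@''%'''
  AND TABLE_SCHEMA = 'ea_model'
  AND TABLE_NAME IN ('t_script', 't_secpolicies', 't_secgroup',
                     't_secusergroup', 't_secgrouppermission',
                     't_secuserpermission')
  AND PRIVILEGE_TYPE <> 'SELECT';
```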

qwerty

Re: Limited user can do a lot from script
« Reply #4 on: November 23, 2016, 11:36:39 pm »
See it like this: if there's a user that can do script, he can do SQL. And if he can do SQL he can do anything (to destroy the model) since you need to access the tables r/w. Just make sure you don't have evil modelers. You likely don't want a police where each modeler has to request a change in three copies before he can do it. Rather, take backups and if you find someone treating your model badly, have a talk or kick him and take the backup.

q.