Is it safe to set all rights to granted in the Ivy Admin console for the role "Everybody"?

For example, a user has the "UserAddRole" permission. If the webapp doesn't have the feature to add a role, is it still somehow possible for the user to add a role?

In other words: As long as the webapp controls the security itself, does it need the ivy security layer?

asked 21.06.2016 at 17:37

Michael Knight
accept rate: 0%

The ivy permissions ensure that processes executed by an authenticated user cannot call certain ivy APIs. If the process never ever calls that API, it is safe to grant the permission to a user or one of its roles.

Note that some standard products, like the portal or the JsFWorkflowUI application, also use these permissions to enable and disable some features on their UI. For example, it allows modifying the expiry date of a task if the current user has the right permissions to call the corresponding API (ITask#setExpiryTimestamp). Therefore, it is not recommended to grant all permissions to the Everybody role.

But if you know what your web application is doing and you want to be responsible for the security on your own, feel free. For a process developer it is even possible to decide to turn off security while executing some code. That means that the code can call APIs without having the right permissions. It is the responsibility of the process developer to ensure security in this case.


answered 23.06.2016 at 09:50

Reto Weiss ♦♦
accept rate: 74%
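
The following is an added illustration, not part of the answer above and not Axon Ivy code: a small Python model of the point that the permission check sits at the API, so a grant only matters for code paths that actually call it. `Session`, `security_off`, `add_role`, `own_webapp` and `bundled_ui` are hypothetical names; only the permission name `UserAddRole` comes from the question.

```python
from contextlib import contextmanager

PERM = "UserAddRole"  # permission name taken from the question

class PermissionDenied(Exception):
    pass

class Session:
    """Constructed model of an authenticated session; not an Ivy class."""
    def __init__(self, user, roles, grants):
        self.user = user
        self.roles = set(roles) | {"Everybody"}  # every user holds Everybody
        self.grants = grants                      # role name -> set of permissions
        self._system = False

    def has(self, permission):
        return self._system or any(
            permission in self.grants.get(role, set()) for role in self.roles)

    @contextmanager
    def security_off(self):
        """Hypothetical stand-in for a developer disabling checks for a block."""
        self._system = True
        try:
            yield
        finally:
            self._system = False

def add_role(session, directory, user, role):
    """Protected API: the check lives here, so every caller has to pass it."""
    if not session.has(PERM):
        raise PermissionDenied(f"{session.user} lacks {PERM}")
    directory.setdefault(user, set()).add(role)

def own_webapp(session, directory):
    """The asker's web app: it never calls add_role, so the grant is unused here."""
    return sorted(directory.get(session.user, set()))

def bundled_ui(session, directory, role):
    """Models a standard UI that enables a feature when the permission is present."""
    if not session.has(PERM):
        return False
    add_role(session, directory, session.user, role)
    return True

def compare():
    """Same user and same apps under two permission configurations."""
    out = {}
    for label, grants in (("restricted", {"Admin": {PERM}}),
                          ("everybody_all", {"Everybody": {PERM}})):
        session, directory = Session("alice", [], grants), {}
        own_webapp(session, directory)
        out[label] = bundled_ui(session, directory, "Admin")
    return out
```

`compare()` shows the custom web app behaving identically in both configurations, while the modelled bundled UI exposes the role change only when the permission is granted to Everybody.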

