Hello Marius

It depends on the use-case. In examples like yours a service-user would most probably be the right choice. In other examples, for instance a job that processes an asset, the job should be performed with the privileges of the triggering user, to limit the possibilities of a potential exploit.

Best greetings
Lars

On 14.05.2014 19:39, Marius Petria wrote:
> Hi,
>
>>>> When processing events and jobs, the corresponding subject triggering
>>>> the event usually gets lost. This leads to event handlers / job
>>>> consumers often operating with administrative sessions/resolvers to
>>>> do their work, which in turn can lead to privilege escalations.
>
> Is that a good pattern to encourage, i.e. to execute the handlers using the
> security context of the triggering subject? You could pass the information on
> a case by case basis, but typically consumers might represent different
> services than the one triggering the action. Imagine an indexing service that
> listens to all modifications. If the user for that service does not have read
> permissions for certain resources then those should not be indexed when an
> admin is editing the content.
>
> Marius