I noticed that any service invoked through a trigger runs under Administrator. This appears to be an easy way to elevate ones priviliges and is therefore a security risk. Is there a way to secure this?
I noticed that the wmPublic scheduling API allows any user (including the Default user) to create a schedule under any other userid including Administrator. Again this seems to be a very easy way to elevate ones priviliges. Is there a way to secure this?