Mike,
Thanks for the report: that's a bug in cq, and I'll add a check for the
missing privileges in the next release. Meanwhile you can simply add
them to the role you're using for cq (I usually create a 'cq' role, and
grant it all the necessary privileges).
The extra privileges are:
http://marklogic.com/xdmp/privileges/xdmp-eval-modules-change
http://marklogic.com/xdmp/privileges/xdmp-eval-modules-change-file
http://marklogic.com/xdmp/privileges/xdmp-invoke-modules-change
http://marklogic.com/xdmp/privileges/xdmp-invoke-modules-change-file
-- Mike
Mike Bowers wrote:
CQ v4.0-1.1 - The Explore link does not have enough permissions to work when
accessed by a user with the following permissions. (These are the permissions
listed by the CQ app as required.)
http://marklogic.com/xdmp/privileges/admin-module-read
http://marklogic.com/xdmp/privileges/xdmp-document-get
http://marklogic.com/xdmp/privileges/xdmp-eval
http://marklogic.com/xdmp/privileges/xdmp-eval-in
http://marklogic.com/xdmp/privileges/xdmp-filesystem-directory
http://marklogic.com/xdmp/privileges/xdmp-invoke
http://marklogic.com/xdmp/privileges/xdmp-invoke-in
http://marklogic.com/xdmp/privileges/xdmp-add-response-header
http://marklogic.com/xdmp/privileges/xdmp-save
Using the Admin interface, I granted the following execute privileges to the
user accessing CQ.
Execute Privileges
admin-module-read
xdmp:add-response-header
xdmp:document-get
xdmp:eval
xdmp:eval-in
xdmp:filesystem-directory
xdmp:invoke
xdmp:invoke-in
xdmp:save
Below is the error returned by CQ.
500 Internal Server Error
SEC-PRIV: xdmp:invoke("explore-invokable.xqy", (QName("", "START"), 1, QName("", "SIZE"), ...), <options
xmlns="xdmp:eval"><database>16598281688763691163</database><root>Docs/cq/</root><m...</options>) -- Insufficient privileges
in /cq/explore.xqy, on line 61 [1.0-ml]
$options = <options
xmlns="xdmp:eval"><database>16598281688763691163</database><root>Docs/cq/</root><m...</options>
$d = ()
$filter = ()
$filter = ()
Best Regards,
Mike Bowers
Principal Database Engineer
(801) 240-0720
----------------------------------------------------------------------
NOTICE: This email message is for the sole use of the intended recipient(s) and
may contain confidential and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies of
the original message.
------------------------------------------------------------------------
_______________________________________________
General mailing list
[email protected]
http://xqzone.com/mailman/listinfo/general
_______________________________________________
General mailing list
[email protected]
http://xqzone.com/mailman/listinfo/general
