Good news, I have deleted all existing documents to make sure there were none with wrong permissions (read: no permissions). I was expecting no documents actually, we are still in development and I am developing with test scripts that have a clean footprint, or at least should have.
I also restarted MarkLogic Server to make sure latest security config changes were available fully. Now all problems seem to have cleared. For your information, we are busy changing security settings on document storage (during development stage) from no security to full security (URI privilege, protected collection, default permissions and default collections). But I now have the impression that things got cluttered during migration. Perhaps the footprint was indeed not as clean as I thought, I'll need to take a closer look.. Thanks for your patience. Best regards, Geert > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > Geert Josten > Sent: dinsdag 24 februari 2009 21:38 > To: General Mark Logic Developer Discussion > Subject: RE: [MarkLogic Dev General] > Xdmp:default-permissions() not working? > > Michael, > > User-id option: > > xdmp:eval('(: some expression.. :)', (), <options > xmlns="xdmp:eval"><user-id>{xdmp:user('someuser')}</user-id></ > options>) > > I tried to create a test case that shows my problems, but it > seems more complicated than I thought. I'll be in touch.. > > Kind regards, > Geert > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] On Behalf > Of Michael > > Blakeley > > Sent: dinsdag 24 februari 2009 18:17 > > To: General Mark Logic Developer Discussion > > Subject: Re: [MarkLogic Dev General] > > Xdmp:default-permissions() not working? > > > > Geert, > > > > Can you be more explicit about "the user-id option"? > > > > The cq window should tell you what user you're logged in as, in the > > title bar. For example, my copy of cq (svn HEAD) in firefox > 3.0.6 says > > "cq - [email protected]:8000", and I get the results I expect from > > xdmp:default-permissions(): > > > > <sec:permission xmlns:sec="http://marklogic.com/xdmp/security";> > > <sec:capability>insert</sec:capability> > > <sec:role-id>18086402793777567391</sec:role-id> > > </sec:permission> > > <sec:permission xmlns:sec="http://marklogic.com/xdmp/security";> > > <sec:capability>update</sec:capability> > > <sec:role-id>18086402793777567391</sec:role-id> > > </sec:permission> > > <sec:permission xmlns:sec="http://marklogic.com/xdmp/security";> > > <sec:capability>read</sec:capability> > > <sec:role-id>18086402793777567391</sec:role-id> > > </sec:permission> > > <sec:permission xmlns:sec="http://marklogic.com/xdmp/security";> > > <sec:capability>read</sec:capability> > > <sec:role-id>16214968982484730623</sec:role-id> > > </sec:permission> > > > > -- Mike > > > > On 2009-02-23 23:46, Geert Josten wrote: > > > Hi there, > > > > > > I am running MarkLogic Server 4.0-1 on a WinXP laptop. I > > have added a user to the security database in MarkLogic > Server using > > the Admin interface and the describe feature tells me that > this user > > has default permissions (inherited from a custom defined > role). But an > > empty sequence is returned, when calling the > > xdmp:default-permissions() as this user. Also, when inserting > > documents, permissions are not automatically assigned > because of this, > > making the document inaccessible for the user itself. > > > > > > (Reproduced with cq using xdmp:eval and the user-id option.. > > > > > > Is there an obvious reason this goes wrong? Or is it > > something that has been fixed in the latest releases? I > failed to find > > release notes on the latest patch versions. > > Are these available somewhere? > > > > > > Kind regards, > > > Geert > > > > > > > > > Drs. G.P.H. Josten > > > Consultant > > > > > > > > > http://www.daidalos.nl/ > > > Daidalos BV > > > Source of Innovation > > > Hoekeindsehof 1-4 > > > 2665 JZ Bleiswijk > > > Tel.: +31 (0) 10 850 1200 > > > Fax: +31 (0) 10 850 1199 > > > http://www.daidalos.nl/ > > > KvK 27164984 > > > De informatie - verzonden in of met dit emailbericht - is > > afkomstig van Daidalos BV en is uitsluitend bestemd voor de > > geadresseerde. Indien u dit bericht onbedoeld hebt ontvangen, > > verzoeken wij u het te verwijderen. Aan dit bericht kunnen geen > > rechten worden ontleend. > > > > > > > > > > > > _______________________________________________ > > > General mailing list > > > [email protected] > > > http://xqzone.com/mailman/listinfo/general > > > > _______________________________________________ > > General mailing list > > [email protected] > > http://xqzone.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > http://xqzone.com/mailman/listinfo/general > _______________________________________________ General mailing list [email protected] http://xqzone.com/mailman/listinfo/general
