Yes, I am. And with all users I have tested with (one with admin role, one with security role and one with a custom role)..
Doing a document-get-permissions after a document-insert with the 4 arguments returns all default permissions inherited by the user as shown in the Admin interface, but leaving the latter 2 out results in additional permissions for roles like 'trigger-management' and 'alert-internal'. Looks like all default permissions of all roles are applied if the latter 2 arguments are not supplied? Kind regards, Geert PS: about the xdmp:default-permissions() failing occasionally, I have noticed it twice until now. Once after finishing the security config of a new test deployment, and just now after a reboot on my laptop. In both cases a restart on the group was the solution. > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > Michael Blakeley > Sent: woensdag 25 februari 2009 16:49 > To: General Mark Logic Developer Discussion > Subject: Re: [MarkLogic Dev General] > Xdmp:default-permissions() not working? > > No, those two forms are identical as far as I know, and work > identically in a quick test. Are you seeing a difference? > > -- Mike > > On 2009-02-25 01:02, Geert Josten wrote: > > PPS: > > > > Is it true that there is a difference between: > > > > xdmp:document-insert('someuri',<somedoc/>) > > > > And: > > > > xdmp:document-insert('someuri',<somedoc/>, > > xdmp:default-permissions(), xdmp:default-collections()) > > > > Kind regards, > > Geert > > > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] On Behalf > Of Geert > >> Josten > >> Sent: dinsdag 24 februari 2009 23:59 > >> To: General Mark Logic Developer Discussion > >> Subject: RE: [MarkLogic Dev General] > >> Xdmp:default-permissions() not working? > >> > >> Good news, > >> > >> I have deleted all existing documents to make sure there were none > >> with wrong permissions (read: no permissions). I was expecting no > >> documents actually, we are still in development and I am > developing > >> with test scripts that have a clean footprint, or at least should > >> have. > >> > >> I also restarted MarkLogic Server to make sure latest > security config > >> changes were available fully. Now all problems seem to > have cleared. > >> > >> For your information, we are busy changing security settings on > >> document storage (during development stage) from no > security to full > >> security (URI privilege, protected collection, default permissions > >> and default collections). But I now have the impression > that things > >> got cluttered during migration. Perhaps the footprint was > indeed not > >> as clean as I thought, I'll need to take a closer look.. > >> > >> Thanks for your patience. > >> > >> Best regards, > >> Geert > >> > >> > >>> -----Original Message----- > >>> From: [email protected] > >>> [mailto:[email protected]] On > Behalf Of Geert > >>> Josten > >>> Sent: dinsdag 24 februari 2009 21:38 > >>> To: General Mark Logic Developer Discussion > >>> Subject: RE: [MarkLogic Dev General] > >>> Xdmp:default-permissions() not working? > >>> > >>> Michael, > >>> > >>> User-id option: > >>> > >>> xdmp:eval('(: some expression.. :)', (),<options > >>> xmlns="xdmp:eval"><user-id>{xdmp:user('someuser')}</user-id></ > >>> options>) > >>> > >>> I tried to create a test case that shows my problems, but > it seems > >>> more complicated than I thought. I'll be in touch.. > >>> > >>> Kind regards, > >>> Geert > >>> > >>>> -----Original Message----- > >>>> From: [email protected] > >>>> [mailto:[email protected]] On Behalf > >>> Of Michael > >>>> Blakeley > >>>> Sent: dinsdag 24 februari 2009 18:17 > >>>> To: General Mark Logic Developer Discussion > >>>> Subject: Re: [MarkLogic Dev General] > >>>> Xdmp:default-permissions() not working? > >>>> > >>>> Geert, > >>>> > >>>> Can you be more explicit about "the user-id option"? > >>>> > >>>> The cq window should tell you what user you're logged in > >> as, in the > >>>> title bar. For example, my copy of cq (svn HEAD) in firefox > >>> 3.0.6 says > >>>> "cq - [email protected]:8000", and I get the results I expect from > >>>> xdmp:default-permissions(): > >>>> > >>>> <sec:permission xmlns:sec="http://marklogic.com/xdmp/security";> > >>>> <sec:capability>insert</sec:capability> > >>>> <sec:role-id>18086402793777567391</sec:role-id> > >>>> </sec:permission> > >>>> <sec:permission xmlns:sec="http://marklogic.com/xdmp/security";> > >>>> <sec:capability>update</sec:capability> > >>>> <sec:role-id>18086402793777567391</sec:role-id> > >>>> </sec:permission> > >>>> <sec:permission xmlns:sec="http://marklogic.com/xdmp/security";> > >>>> <sec:capability>read</sec:capability> > >>>> <sec:role-id>18086402793777567391</sec:role-id> > >>>> </sec:permission> > >>>> <sec:permission xmlns:sec="http://marklogic.com/xdmp/security";> > >>>> <sec:capability>read</sec:capability> > >>>> <sec:role-id>16214968982484730623</sec:role-id> > >>>> </sec:permission> > >>>> > >>>> -- Mike > >>>> > >>>> On 2009-02-23 23:46, Geert Josten wrote: > >>>>> Hi there, > >>>>> > >>>>> I am running MarkLogic Server 4.0-1 on a WinXP laptop. I > >>>> have added a user to the security database in MarkLogic > >>> Server using > >>>> the Admin interface and the describe feature tells me that > >>> this user > >>>> has default permissions (inherited from a custom defined > >>> role). But an > >>>> empty sequence is returned, when calling the > >>>> xdmp:default-permissions() as this user. Also, when inserting > >>>> documents, permissions are not automatically assigned > >>> because of this, > >>>> making the document inaccessible for the user itself. > >>>>> (Reproduced with cq using xdmp:eval and the user-id option.. > >>>>> > >>>>> Is there an obvious reason this goes wrong? Or is it > >>>> something that has been fixed in the latest releases? I > >>> failed to find > >>>> release notes on the latest patch versions. > >>>> Are these available somewhere? > >>>>> Kind regards, > >>>>> Geert > >>>>> > >>>>> > >>>>> Drs. G.P.H. Josten > >>>>> Consultant > >>>>> > >>>>> > >>>>> http://www.daidalos.nl/ > >>>>> Daidalos BV > >>>>> Source of Innovation > >>>>> Hoekeindsehof 1-4 > >>>>> 2665 JZ Bleiswijk > >>>>> Tel.: +31 (0) 10 850 1200 > >>>>> Fax: +31 (0) 10 850 1199 > >>>>> http://www.daidalos.nl/ > >>>>> KvK 27164984 > >>>>> De informatie - verzonden in of met dit emailbericht - is > >>>> afkomstig van Daidalos BV en is uitsluitend bestemd voor de > >>>> geadresseerde. Indien u dit bericht onbedoeld hebt ontvangen, > >>>> verzoeken wij u het te verwijderen. Aan dit bericht kunnen geen > >>>> rechten worden ontleend. > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> General mailing list > >>>>> [email protected] > >>>>> http://xqzone.com/mailman/listinfo/general > >>>> _______________________________________________ > >>>> General mailing list > >>>> [email protected] > >>>> http://xqzone.com/mailman/listinfo/general > >>>> _______________________________________________ > >>> General mailing list > >>> [email protected] > >>> http://xqzone.com/mailman/listinfo/general > >>> _______________________________________________ > >> General mailing list > >> [email protected] > >> http://xqzone.com/mailman/listinfo/general > >> _______________________________________________ > > General mailing list > > [email protected] > > http://xqzone.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > http://xqzone.com/mailman/listinfo/general > _______________________________________________ General mailing list [email protected] http://xqzone.com/mailman/listinfo/general
