Just a related remark: You might find it useful to break down the permissions some more. Particularly useful when you will have large collections of documents that need to be secured the same way.

Create 5 basic roles, 4 for each of the basic permission levels (read, insert, update and execute) and one to assign default permissions for the other 4. When creating or updating documents, make sure to use a user with this default permissions role (directly or indirectly). That will create all possible permissions on each document. To limit access to those documents, one only needs to create additional roles which inherit from the 4 basic permission roles, but only those you wish to apply. That way you can create a new role with read permission at any time very easily, or one with just execute permission just as well.

Hope this is clear enough for you.

Kind regards,
Geert

Drs. G.P.H. Josten
Consultant
Daidalos BV
http://www.daidalos.nl/

> From: [email protected]
> [mailto:[email protected]] On Behalf Of
> Danny Sokolsky
> Sent: Monday, 1 June 2009 22:54
> To: General Mark Logic Developer Discussion
> Subject: [MarkLogic Dev General] RE: permissions in a pipeline
>
> Sounds like the user does not have default permissions of
> read, insert, update on the role (call it Role1). Default
> permissions are on a user or role. One way to accomplish
> this is to add these default permissions to the role Role1 by
> going to the Admin Interface, navigating to Role1, scrolling
> towards the bottom of the screen, and entering the default
> permissions for Role1 (at least one for update, and probably
> for read). Then any user that has Role1 will get at least
> these default permissions. Then the call to
> xdmp:default-permissions() should not return the empty sequence.
>
> -Danny
>
> From: [email protected]
> [mailto:[email protected]] On Behalf Of
> Runstein, Robert E. (Contr) (IS)
> Sent: Monday, June 01, 2009 1:23 PM
> To: [email protected]
> Subject: [MarkLogic Dev General] permissions in a pipeline
>
> Hi,
>
> I'm running a pipeline that tries to insert a document with
> the default permissions of the current user who has a role
> with read, insert and update permissions.
>
> xdmp:document-insert($uri, $doc,
>     xdmp:default-permissions(), $collection)
>
> I get an error complaining that I need at least one update
> permission. When I log xdmp:default-permissions() I get an
> empty sequence.
>
> Providing xdmp:permission("myUserRole", "update") solves the
> problem but I would rather not hard code the role. I tried
> to amp the function but that did not seem to work either. Is
> there a special permission that the user must have to insert
> within a pipeline?
>
> Thanks.
>
> Bob Runstein
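The five-role layout described in the reply at the top of this thread, sketched as an added example (not code posted by anyone in the thread). The role names `docs-read`, `docs-insert`, `docs-update`, `docs-execute`, `docs-defaults` and `report-readers` are hypothetical, and the script is assumed to run against the Security database as a user allowed to manage roles.

```xquery
xquery version "1.0-ml";
(: Transaction 1: one role per capability. These roles carry no default
   permissions themselves; they only exist to be named in permissions.
   All role names in this example are hypothetical. :)
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

for $cap in ("read", "insert", "update", "execute")
return
  sec:create-role(
    fn:concat("docs-", $cap),
    fn:concat("Grants the ", $cap, " capability on secured documents"),
    (), (), ())
;

xquery version "1.0-ml";
(: Transaction 2: runs after the four roles are committed, so that
   xdmp:permission() can resolve them by name. :)
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

(
  (: The writer role: its default permissions give each capability to the
     matching capability role, so every document inserted by a user holding
     this role gets all four permissions, including the update permission
     that xdmp:document-insert requires. :)
  sec:create-role(
    "docs-defaults",
    "Assign to users or pipelines that create or update documents",
    (),
    (xdmp:permission("docs-read",    "read"),
     xdmp:permission("docs-insert",  "insert"),
     xdmp:permission("docs-update",  "update"),
     xdmp:permission("docs-execute", "execute")),
    ()),

  (: A least-privilege consumer role: inherits docs-read only, so its
     users can read the documents but not change or execute them. :)
  sec:create-role(
    "report-readers",
    "Read-only access to secured documents",
    "docs-read",
    (), ())
)
```

With `docs-defaults` granted to the inserting user, `xdmp:default-permissions()` in the content database returns the four permissions, so the `xdmp:document-insert` call from the original question no longer needs a hard-coded role.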
