Hi Jeroen, I am not sure why the Amp isn't working, but you can use the Execution Privilege instead. Associate your user's role to the Execution Privilege 'get-role-names', and it should work.
Note that you have to execute sec:get-role-names against the Security database. Kind regards, Geert > Drs. G.P.H. Josten Consultant http://www.daidalos.nl/ Daidalos BV Source of Innovation Hoekeindsehof 1-4 2665 JZ Bleiswijk Tel.: +31 (0) 10 850 1200 Fax: +31 (0) 10 850 1199 http://www.daidalos.nl/ KvK 27164984 De informatie - verzonden in of met dit emailbericht - is afkomstig van Daidalos BV en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onbedoeld hebt ontvangen, verzoeken wij u het te verwijderen. Aan dit bericht kunnen geen rechten worden ontleend. > From: [email protected] > [mailto:[email protected]] On Behalf Of > Jeroen Pulles > Sent: woensdag 7 oktober 2009 14:02 > To: General Mark Logic Developer Discussion > Subject: [MarkLogic Dev General] Re: Saving a document over XCC? > > Hi, > > I want to use an amp to get to the role names for the role > id's on the document permissions. So I add my user's role to > the get-role-names amp. > > How come I still get a privilege exception for this user? > > My understanding of amps is that once a role has the amp > token for a function, that role has root powers that include > any privilege inside the function body. > > SEC-PRIV: > xdmp:security-assert("http://marklogic.com/xdmp/privileges/get > -role-names", > "execute") -- Need privilege: > http://marklogic.com/xdmp/privileges/get-role-names > > in /MarkLogic/security.xqy, on line 707 > expr: > xdmp:security-assert("http://marklogic.com/xdmp/privileges/get > -role-names", > "execute"), > > in sec:get-role-names(xs:unsignedLong("5500450759246938400")) > in /content/save_check_role-names.xqy, on line 9 > > regards, > Jeroen > > -- > Jeroen Pulles > Xopus B.V., The Netherlands > > Xopus: The web based WYSIWYG XML Editor > _______________________________________________ > General mailing list > [email protected] > http://xqzone.com/mailman/listinfo/general > _______________________________________________ General mailing list [email protected] http://xqzone.com/mailman/listinfo/general
