For that kind of task I would probably use a combination of application-level authentication, plus http://developer.marklogic.com/pubs/4.1/apidocs/Security.html#xdmp:security-assert to test for exec privileges within the protected pages. At the security model level you'd simply have a set of exec privs, one per protected area, one role per exec priv, and users that have those roles.
http://developer.marklogic.com/code/userlogin might be helpful too. -- Mike On 2010-05-26 10:07, Adam Patterson wrote: > Hello All, > > I am struggling with Marklogic’s security model. Specifically, with relation > to an HTTP server application, users, priviledges, and roles. I have read > through the documentation in the Administrator’s Guide > (http://developer.marklogic.com/pubs/4.1/books/admin.pdf), section 19, and > well I find the documentation is well done overall I’m still struggling with > how to apply the concepts to my particular case. As I read each subsection I > find that I understand the specific examples, but I am having difficulty > seeing how to piece the diverse concepts together into an overall framework. > I have tried various experiments with my install, but with discouraging > results. > > What I am trying to do is quite simple (I think): Using Marklogic’s security > model I want to have some areas of a website (served by an HTTP server) > completely restricted to an admin role for that site (not overall server > admin), some areas semi-restricted to privileged authenticated users but not > anonymous users, and some areas completely unrestricted. > > So, does anyone have resources, examples, or documentation which discuss best > practice approaches to this kind of set up? I am looking for something that > is less general than the Admin Guide document, something which discusses how > to fit the various pieces together into a conceptual whole. Any feedback is > appreciated. > > Cheers, > > Adam Patterson > _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
