Hi Will, I can verify that fresh ML6 installs do assign the get-server-field privilege to rest-reader-internal. There may be an upgrade issue; it seems less likely (to me) to be OS related, but it sounds like you should contact support about it. They will be able to analyze your security.xml files and locate the issue precicely.
The workaround of course is to do what you've already thought of -- rest-reader-internal does need the get-server-field privilege. Charles On 01/16/2014 02:55 PM, Will Thompson wrote: > Charles - > > Sorry, that’s correct: rest-reader. This is on 6.0-4. What we’re noticing is > that none of the Windows machines’ rest-reader-internal have > xdmp:get-server-field, but I do on OSX. My dev machine is upgraded from ML5. > The Windows machines are a combination of fresh ML6 and upgrade scenarios, > but mostly upgrade. Could it be OS-related? > > -Will > > > On Jan 16, 2014, at 4:08 PM, Charles Greer <[email protected]> > wrote: > >> Hi Will, >> >> Assuming you meant "rest-reader", not "rest-user". >> >> What version of MarkLogic server are you running? Pretty surprising to >> hear about this kind of bug. Are you in an upgraded scenario? >> >> Charles >> >> >> >> >> On 01/16/2014 01:46 PM, Will Thompson wrote: >>> It appears that out of the box a user with just the rest-user role does not >>> have sufficient privileges to make a GET call to a REST API endpoint. We >>> had to give our users the xdmp:get-server-field privilege, otherwise >>> endpoint-util.xqy throws an exception from eput:get-server-field(). Is it >>> possible that we screwed something up in our REST deployment, or is this a >>> bug I should follow up with support? >>> >>> -Will >>> _______________________________________________ >>> General mailing list >>> [email protected] >>> http://developer.marklogic.com/mailman/listinfo/general >>> >> >> -- >> Charles Greer >> Senior Engineer >> MarkLogic Corporation >> [email protected] >> Phone: +1 707 408 3277 >> www.marklogic.com >> >> _______________________________________________ >> General mailing list >> [email protected] >> http://developer.marklogic.com/mailman/listinfo/general >> > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > -- Charles Greer Senior Engineer MarkLogic Corporation [email protected] Phone: +1 707 408 3277 www.marklogic.com _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
