Hi Tim, I am not sure I have thought this through completely, nor can I think of the exact steps to do this, but here is my instinct on how I would attempt to solve this:
I would try to create amped functions that allow Sue to share (read only) Tom’s document (that Sue has read permission for). I think the function could amp to a role paired with a read permission on the document, thus allowing Tom to read the document. Like I said, I am not totally sure how I would write such a function, but it seems possible (though tricky). See if that scratches an itch. Maybe someone else has a better idea.

-Danny

From: [email protected] [mailto:[email protected]] On Behalf Of Timothy W. Cook
Sent: Monday, July 28, 2014 7:19 AM
To: MarkLogic Developer Discussion
Subject: [MarkLogic Dev General] Security Design

I am in the early design stages of a (hopefully) large application and would like to see if I understand the operations of collections correctly. You can think of this in a similar context to a social media app. I have attached a simple diagram to aid the text.

Imagine that Joe, Sue and Tom are users and each have a collection (marked 'P') where only they have read/write access to documents they load. Joe and Tom have collections that they would like to use to share (read only) with various other users, one being Sue. This seems rather straightforward.

However, the use case also calls for Sue being able to share (read only) Tom's documents with Joe and Joe's documents with Tom, as she sees fit, without the intervention of Tom or Joe.

Could someone expand on this to describe how this might be set up? Do I need separate roles that are tied to each collection, for each of these exchanges?

Thanks,
Tim

--
============================================
Timothy Cook
LinkedIn Profile: http://www.linkedin.com/in/timothywaynecook
MLHIM http://www.mlhim.org
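One possible shape for the amped function suggested in the reply, written as an added example that is not code from the thread or from MarkLogic: the function runs with an amped role that is allowed to change permissions, confirms that the real caller can already read the document, and only then adds a read permission for the grantee. The module namespace and URI, the role `share-granter`, the `user-` role prefix and the `Modules` database name are all assumptions.

```xquery
xquery version "1.0-ml";
(: Added example. Hypothetical names: module namespace and URI, the role
   "share-granter", and the "user-" prefix for per-user roles
   (user-sue, user-joe, user-tom). :)
module namespace share = "http://example.org/share";

declare namespace sec = "http://marklogic.com/xdmp/security";

(: One-time setup, run by an admin against the Security database:
     import module namespace sec = "http://marklogic.com/xdmp/security"
       at "/MarkLogic/security.xqy";
     sec:create-amp("http://example.org/share", "grant-read",
       "/lib/share.xqy", xdmp:database("Modules"), "share-granter")
   Assumptions: owners load shareable documents with an update permission
   for "share-granter", and that role holds the execute privileges the
   built-ins below require. Ordinary users never hold "share-granter". :)

declare function share:grant-read(
  $uri as xs:string,
  $grantee-role as xs:string
) as empty-sequence()
{
  (: The amp adds roles for the duration of this function; the current
     user is still the real caller (for example Sue). :)
  let $caller-roles := xdmp:user-roles(xdmp:get-current-user())
  (: Caller may only pass on read access they already have. :)
  let $caller-can-read :=
    some $p in xdmp:document-get-permissions($uri)
    satisfies ($p/sec:capability eq "read"
               and xs:unsignedLong($p/sec:role-id) = $caller-roles)
  return
    (: Refuse broad roles so a share cannot widen to everyone. :)
    if (fn:not(fn:starts-with($grantee-role, "user-"))) then
      fn:error(xs:QName("share:BAD-ROLE"),
               "only per-user roles may be granted read access")
    else if (fn:not($caller-can-read)) then
      fn:error(xs:QName("share:DENIED"),
               fn:concat("caller has no read permission on ", $uri))
    else
      (: Read only: no insert, update or execute capability is added. :)
      xdmp:document-add-permissions(
        $uri, xdmp:permission($grantee-role, "read"))
};
```

Both checks sit inside the amped function because any module that imports it can call it directly; a check in a non-amped wrapper could be bypassed.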
