Hi Folks,
I’m trying to get some clarification on module and document permissions in ML 6 and ML7 and as run in the context of an admin user, a non-admin user, and via spawn (i.e. as run on the task server). 1. True or False: Any content can be read, updated, inserted by an admin user even if no permissions have been explicitly added to the document 2. True or False: Any xquery module in the respective modules database can be can be executed, read, updated, inserted by an admin user even if no permissions have been explicitly added to the module. 3. When spawning a module, the spawned task runs with the permission of the user unless the UserID is specified in the options. Therefore the rules for 2 above apply. What I found was that the spawned xquery modules needed to have the appropriate read and execute permissions to be invoked, even though I spawned the task as an admin user. 4. Did any of this change in the upgrade from ML 6 to ML 7? As a practice I add document read, insert, update, and execute permissions whenever I insert a document. That way if I have an application that is not run by an admin the user can access the documents. I also add the read, insert, update, and execute permissions to any non-admin user where I add custom roles for limiting application features and for tracking user IDs in the workflow. Tim M.
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
