Thanks - and what about 3? J I would expect it to run without a problem if spawned by an admin.
Tim From: [email protected] [mailto:[email protected]] On Behalf Of Sudhakar Reddy Sent: Wednesday, October 15, 2014 3:45 PM To: MarkLogic Developer Discussion Subject: Re: [MarkLogic Dev General] Document & Module Permissions in ML6 & ML7 True for 1,2 & 4. Admin has full permissions on Documents in content db and on modules. And I don't think anything has changed from ML6 - ML7. Sorry I don't have enough knowledge about spawn permissions. But I'd assume regardless of what you want to do, Admin has full privileges across the board, but I could be wrong. -Sudhakar From: Tim <[email protected]> Reply-To: MarkLogic Developer Discussion <[email protected]> Date: Thursday, October 9, 2014 at 10:34 AM To: 'MarkLogic Developer Discussion' <[email protected]> Subject: [MarkLogic Dev General] Document & Module Permissions in ML6 & ML7 Hi Folks, I'm trying to get some clarification on module and document permissions in ML 6 and ML7 and as run in the context of an admin user, a non-admin user, and via spawn (i.e. as run on the task server). 1. True or False: Any content can be read, updated, inserted by an admin user even if no permissions have been explicitly added to the document 2. True or False: Any xquery module in the respective modules database can be can be executed, read, updated, inserted by an admin user even if no permissions have been explicitly added to the module. 3. When spawning a module, the spawned task runs with the permission of the user unless the UserID is specified in the options. Therefore the rules for 2 above apply. What I found was that the spawned xquery modules needed to have the appropriate read and execute permissions to be invoked, even though I spawned the task as an admin user. 4. Did any of this change in the upgrade from ML 6 to ML 7? As a practice I add document read, insert, update, and execute permissions whenever I insert a document. That way if I have an application that is not run by an admin the user can access the documents. I also add the read, insert, update, and execute permissions to any non-admin user where I add custom roles for limiting application features and for tracking user IDs in the workflow. Tim M.
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
