Hi, Danny: Starting in 7.0-3 (I think), only a user with the rest-extension-user role can execute a REST extension.
You can define a role that inherits the rest-extension-user role and has the rest-reader privilege (not the rest-reader role) and rest-writer privilege (again, not the role). I know that users with such roles can execute extensions and read and write documents. I suspect (but haven't confirmed) that such users can't read extensions. Hoping that's useful, Erik Hennum ________________________________ From: [email protected] [[email protected]] on behalf of Danny Sinang [[email protected]] Sent: Saturday, March 28, 2015 6:55 AM To: general Subject: [MarkLogic Dev General] REST API allows for downloading of code ML apparently allows downloading of code for REST API resource extensions as documented in https://docs.marklogic.com/guide/rest-dev/extensions#id_20662 . For security purposes, is there a way to control which user can execute these REST API resource extensions and who can download their corresponding code ? Regards, Danny
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
