Hi Erik, Thanks, but just to be clear, are you saying that, in order to prevent normal users (who can execute REST API extensions) from accessing their corresponding source code, I need to limit those users' roles to just the rest-extension-user ?
Regards, Danny On Sat, Mar 28, 2015 at 11:08 AM, Erik Hennum <[email protected]> wrote: > Hi, Danny: > > Starting in 7.0-3 (I think), only a user with the rest-extension-user > role can execute a REST extension. > > You can define a role that inherits the rest-extension-user role and has the > rest-reader privilege (not the rest-reader role) and rest-writer privilege > (again, > not the role). > > I know that users with such roles can execute extensions and read and > write documents. > > I suspect (but haven't confirmed) that such users can't read extensions. > > > Hoping that's useful, > > > Erik Hennum > > ------------------------------ > *From:* [email protected] [ > [email protected]] on behalf of Danny Sinang [ > [email protected]] > *Sent:* Saturday, March 28, 2015 6:55 AM > *To:* general > *Subject:* [MarkLogic Dev General] REST API allows for downloading of code > > ML apparently allows downloading of code for REST API resource > extensions as documented in > https://docs.marklogic.com/guide/rest-dev/extensions#id_20662 . > > For security purposes, is there a way to control which user can execute > these REST API resource extensions and who can download their corresponding > code ? > > > Regards, > Danny > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > >
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
