Hi, Danny: My previous suggestion was incorrect. The rest-extension-user role can read the source code for a resource service.
At present, there's no way to have a user who can execute a resource service but not read the resource service source. In MarkLogic 8, the closest workaround would be to install a main module with any permissions you choose and invoke the main module. Erik Hennum ________________________________ From: [email protected] [[email protected]] on behalf of Danny Sinang [[email protected]] Sent: Saturday, March 28, 2015 10:34 AM To: MarkLogic Developer Discussion Subject: Re: [MarkLogic Dev General] REST API allows for downloading of code Hi Erik, Thanks, but just to be clear, are you saying that, in order to prevent normal users (who can execute REST API extensions) from accessing their corresponding source code, I need to limit those users' roles to just the rest-extension-user ? Regards, Danny On Sat, Mar 28, 2015 at 11:08 AM, Erik Hennum <[email protected]<mailto:[email protected]>> wrote: Hi, Danny: Starting in 7.0-3 (I think), only a user with the rest-extension-user role can execute a REST extension. You can define a role that inherits the rest-extension-user role and has the rest-reader privilege (not the rest-reader role) and rest-writer privilege (again, not the role). I know that users with such roles can execute extensions and read and write documents. I suspect (but haven't confirmed) that such users can't read extensions. Hoping that's useful, Erik Hennum ________________________________ From: [email protected]<mailto:[email protected]> [[email protected]<mailto:[email protected]>] on behalf of Danny Sinang [[email protected]<mailto:[email protected]>] Sent: Saturday, March 28, 2015 6:55 AM To: general Subject: [MarkLogic Dev General] REST API allows for downloading of code ML apparently allows downloading of code for REST API resource extensions as documented in https://docs.marklogic.com/guide/rest-dev/extensions#id_20662 . For security purposes, is there a way to control which user can execute these REST API resource extensions and who can download their corresponding code ? Regards, Danny _______________________________________________ General mailing list [email protected]<mailto:[email protected]> http://developer.marklogic.com/mailman/listinfo/general
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
