Thanks, it looks good! Btw, another question, may be not related: is there any way to assign some capabilities (e.g. insert, update, execute) to an user who can access all docs, no matter what roles and privileges they have in db? E.g. some power user to have access (read/write) to all docs, independent of users they were inserted, but to not be admin. RegardsRichard W.
On Tue, Nov 7, 2017 at 19:20, Rob Szkutak<[email protected]> wrote: #yiv8687077562 #yiv8687077562 -- P {margin-top:0;margin-bottom:0;}#yiv8687077562 Hello, One solution to implement this is to use amplified functions (amps). The basic idea is this: * Restrict the document so that the user cannot read or update it. * Create a function which the user must use to read or update the document. * Amplify the function so that the user can read or modify the document only within your function. * Have your function perform the validation check and either perform the desired document operation or return the appropriate invalid document response to the user. Another solution is that every time a document is inserted or updated, you could perform a check if the document is valid or not and assign the appropriate role to it when the document is placed into the database. Something like : let $valid := true or false return xdmp:document-insert("uri", $document, if($valid) then xdmp:permission("user can read") else xdmp:permission("user cannot read")) If required you may also combine these two techniques. Hope this is helpful. Best, Rob Rob SzkutakSenior ConsultantMarkLogic Corporationwww.marklogic.com From: [email protected] <[email protected]> on behalf of Shmennen <[email protected]> Sent: Tuesday, November 7, 2017 10:54:40 AM To: MarkLogic Developer Discussion Subject: [MarkLogic Dev General] Document access based on field value Hello All, Is there any possibility to get access to a document (suppose an XML or JSON) from database only if the value of a tag has a specific values? E.g. user1 can read/modify document if only checktag has value "VALID". <data> <amount>999</amout> <check>VALID</check> </data> - Richard
_______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
