[MarkLogic Dev General] CQ v4.0-1.1 - Explore link does not work when user accessing CQ has the minimum required permissions

Mike Bowers BowersMT at ldschurch.org
Tue Oct 28 13:30:52 PST 2008


Thanks Mike, 

The new privileges did the trick.

-----Original Message-----
From: general-bounces at developer.marklogic.com [mailto:general-bounces at developer.marklogic.com] On Behalf Of Michael Blakeley
Sent: Monday, October 27, 2008 11:22 AM
To: General Mark Logic Developer Discussion
Subject: Re: [MarkLogic Dev General] CQ v4.0-1.1 - Explore link does not work when user accessing CQ has the minimum required permissions

Mike,

Thanks for the report: that's a bug in cq, and I'll add a check for the 
missing privileges in the next release. Meanwhile you can simply add 
them to the role you're using for cq (I usually create a 'cq' role, and 
grant it all the necessary privileges).

The extra privileges are:

http://marklogic.com/xdmp/privileges/xdmp-eval-modules-change
http://marklogic.com/xdmp/privileges/xdmp-eval-modules-change-file
http://marklogic.com/xdmp/privileges/xdmp-invoke-modules-change
http://marklogic.com/xdmp/privileges/xdmp-invoke-modules-change-file

-- Mike

Mike Bowers wrote:
> CQ v4.0-1.1 - The Explore link does not have enough permissions to work when accessed by a user with the following permissions. (These are the permissions listed by the CQ app as required.)
> 
> http://marklogic.com/xdmp/privileges/admin-module-read
> http://marklogic.com/xdmp/privileges/xdmp-document-get
> http://marklogic.com/xdmp/privileges/xdmp-eval
> http://marklogic.com/xdmp/privileges/xdmp-eval-in
> http://marklogic.com/xdmp/privileges/xdmp-filesystem-directory
> http://marklogic.com/xdmp/privileges/xdmp-invoke
> http://marklogic.com/xdmp/privileges/xdmp-invoke-in
> http://marklogic.com/xdmp/privileges/xdmp-add-response-header
> http://marklogic.com/xdmp/privileges/xdmp-save
> 
> 
> Using the Admin interface, I granted the following execute privileges to the user accessing CQ.
> 
> Execute Privileges
> admin-module-read
> xdmp:add-response-header
> xdmp:document-get
> xdmp:eval
> xdmp:eval-in
> xdmp:filesystem-directory
> xdmp:invoke
> xdmp:invoke-in
> xdmp:save
> 
> 
> Below is the error returned by CQ.
> 500 Internal Server Error
> SEC-PRIV: xdmp:invoke("explore-invokable.xqy", (QName("", "START"), 1, QName("", "SIZE"), ...), <options xmlns="xdmp:eval"><database>16598281688763691163</database><root>Docs/cq/</root><m...</options>) -- Insufficient privileges
> in /cq/explore.xqy, on line 61 [1.0-ml]
> $options = <options xmlns="xdmp:eval"><database>16598281688763691163</database><root>Docs/cq/</root><m...</options>
> $d = ()
> $filter = ()
> $filter = ()
> 
> 
> 
> Best Regards,
>    Mike Bowers
>    Principal Database Engineer
>    (801) 240-0720
> 
> ----------------------------------------------------------------------
> NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> General mailing list
> General at developer.marklogic.com
> http://xqzone.com/mailman/listinfo/general

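The check described in the reply can be approximated before opening cq. The query below is an added example, not code from cq or from either poster: it reports which of the privileges named in this thread the current user lacks. It assumes it is evaluated as the user who will run cq and that the built-in `xdmp:has-privilege` is available; the element names and `local:missing` are hypothetical.

```xquery
xquery version "1.0-ml";

(: Added example, not part of cq. Evaluate it as the user that will open cq.
   xdmp:has-privilege is true when the user holds at least one of the
   privileges passed in, so each privilege is tested on its own. :)

declare variable $PREFIX := "http://marklogic.com/xdmp/privileges/";

(: The nine privileges cq v4.0-1.1 lists as required, per the original report. :)
declare variable $LISTED := (
  "admin-module-read", "xdmp-document-get", "xdmp-eval", "xdmp-eval-in",
  "xdmp-filesystem-directory", "xdmp-invoke", "xdmp-invoke-in",
  "xdmp-add-response-header", "xdmp-save"
);

(: The four extra privileges named in the reply. :)
declare variable $EXTRA := (
  "xdmp-eval-modules-change", "xdmp-eval-modules-change-file",
  "xdmp-invoke-modules-change", "xdmp-invoke-modules-change-file"
);

(: Return the full action URI of every execute privilege the user lacks. :)
declare function local:missing($names as xs:string*) as xs:string*
{
  for $name in $names
  let $action := fn:concat($PREFIX, $name)
  where fn:not(xdmp:has-privilege($action, "execute"))
  return $action
};

<privilege-check user="{ xdmp:get-current-user() }">
  <listed-by-cq>{
    for $p in local:missing($LISTED) return <missing>{ $p }</missing>
  }</listed-by-cq>
  <needed-by-explore>{
    for $p in local:missing($EXTRA) return <missing>{ $p }</missing>
  }</needed-by-explore>
</privilege-check>
```

An empty group means nothing in that group is missing. Granting whatever is reported to a dedicated role, as the reply suggests, keeps the grant limited to the thirteen privileges named here.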