[MarkLogic Dev General] Permission on the document level

Danny Sokolsky dsokolsky at marklogic.com
Tue Mar 17 10:38:43 PST 2009 

Hi Galina,

 

I am guessing you mean *permissions* on the document, not privileges.
Documents have permissions on them with a role and a capability (read,
insert, update, or execute).  To read a document, a user needs to have a
role corresponding to a permission with a read capability.

 

Users and roles can also have "default permissions" associated with
them.   When a user creates a document without explicitly setting
permissions, then the default permissions associated with that user are
attached to the created document.  You can set default permissions for a
user or role in the Admin Interface pages for the user and role (see
"default permissions" towards the bottom of those pages).  A user has
the union of default permissions for the user and all of the roles to
which that user belongs.

 

So one scenario might be to set up default permissions for a role (call
it "creator" for this example).  The role "creator" might have default
permissions of "update" and "insert" for the "creator" role, and a
default permission of "read" for the "reader" role.  Then, give that
"creator" role to anyone who creates content, and give the "reader" role
to anyone who reads the content.  You can also give the "reader" role to
the "creator" role (so users with the "creator" role can read the
documents they create).

 

Does that make sense?

 

-Danny 

 

From: general-bounces at developer.marklogic.com
[mailto:general-bounces at developer.marklogic.com] On Behalf Of Pritsker,
Galina
Sent: Tuesday, March 17, 2009 11:16 AM
To: general at developer.marklogic.com
Subject: [MarkLogic Dev General] Permission on the document level

 

Please advise me on the following:

I apply some privileges to all document on the database. Then 2 days
later number of documents were added. How I can keep the default
privileges for the particular user? Next time when a new document added
to the database user automatically will have for example read/write
permission and I would not need to run the script again to add
privileges to the new document

 

Thanks,

Galina

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://xqzone.marklogic.com/pipermail/general/attachments/20090317/5263e470/attachment-0001.html

More information about the General mailing list