[MarkLogic Dev General] Creating user with read-only permission

semerau at hotmail.com semerau at hotmail.com
Fri Aug 31 09:58:00 PDT 2012


Yeah I'd say the problem is that you conceptually have two roles but technically only have one.

If users operate being able to read docs  or be able to read and write docs, then you need two roles to support that. 

Change the permissions on the docs so that x-user can read but only x-admin can update. 

Changing 10 mil docs isn't too bad. Get the Uris you want to update using cts:Uris or something and the spawn the permission changing onto the task server. 

I just did this the other day with about 244000 docs and it took maybe 20 min

Yours will be longer but spawning will just run in the background anyway. 

Sent from my iPhone

On Aug 31, 2012, at 9:57 AM, "Danny Sinang" <d.sinang at gmail.com> wrote:

> Hi Will,
> 
> The default permissions are as follows :
> 
> x-user : read
> 
> x-user : insert
> 
> x-user : update
> 
> x-user : execute
> 
> security : read
> 
> secuirty : insert
> 
> security : update
> 
> 
> 
> 
> 
> 
> 
> 
> I haven't tried creating a role with x-admin : read as you are suggesting.
> 
> I tried, last night, creating a role with x-user : read. But that didn't work. Couldn't even read the data.
> 
> Regards,
> Danny
> 
> On Fri, Aug 31, 2012 at 11:25 AM, Will Thompson <wthompson at jonesmcclure.com> wrote:
> Danny,
> 
>  
> 
> What default permissions, if any, are set on your documents? Have you tried creating a role with only x-admin : read?
> 
>  
> 
> -W
> 
>  
> 
>  
> 
> From: general-bounces at developer.marklogic.com [mailto:general-bounces at developer.marklogic.com] On Behalf Of Danny Sinang
> Sent: Friday, August 31, 2012 6:57 AM
> To: general
> Subject: [MarkLogic Dev General] Creating user with read-only permission
> 
>  
> 
> Hi,
> 
>  
> 
> I need to create users with read-only permission over all our documents but, from what I've read, it looks like I have to update the permissions on all documents to do this.
> 
>  
> 
> We've got around 10 million documents in ML and all of them were created using a user called "x-admin-user" who is assigned the following roles :
> 
>  
> 
> admin
> 
> security
> 
> dls-user
> 
> dls-admin
> 
> x-admin
> 
>  
> 
> The x-admin role has the following default permissions :
> 
>  
> 
> x-user : read
> 
> x-user : insert
> 
> x-user : update
> 
> x-user : execute
> 
>  
> 
> So far, the only way I can give my new users access to our data is to give them the role of "x-user" but that gives them update privileges as well.
> 
>  
> 
> Is there an easier way to grant read-only access ?
> 
>  
> 
> Regards,
> Danny
> 
>  
> 
> 
> _______________________________________________
> General mailing list
> General at developer.marklogic.com
> http://developer.marklogic.com/mailman/listinfo/general
> 
> 
> _______________________________________________
> General mailing list
> General at developer.marklogic.com
> http://developer.marklogic.com/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20120831/4e4bcb59/attachment-0001.html 
-------------- next part --------------
_______________________________________________
General mailing list
General at developer.marklogic.com
http://developer.marklogic.com/mailman/listinfo/general


More information about the General mailing list