[MarkLogic Dev General] REST API allows for downloading of code
Erik.Hennum at marklogic.com
Sat Mar 28 08:08:08 PDT 2015
Starting in 7.0-3 (I think), only a user with the rest-extension-user role can execute a REST extension.
You can define a role that inherits the rest-extension-user role and has the rest-reader privilege (not the rest-reader role) and rest-writer privilege (again, not the role).
I know that users with such roles can execute extensions and read and write documents.
I suspect (but haven't confirmed) that such users can't read extensions.
Hoping that's useful,
From: general-bounces at developer.marklogic.com [general-bounces at developer.marklogic.com] on behalf of Danny Sinang [d.sinang at gmail.com]
Sent: Saturday, March 28, 2015 6:55 AM
Subject: [MarkLogic Dev General] REST API allows for downloading of code
ML apparently allows downloading of code for REST API resource extensions as documented in https://docs.marklogic.com/guide/rest-dev/extensions#id_20662 .
For security purposes, is there a way to control which user can execute these REST API resource extensions and who can download their corresponding code ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the General