[MarkLogic Dev General] Create temporary user

Andreas Hubmer andreas.hubmer at ebcont.com
Mon Sep 18 00:07:32 PDT 2017


Justin,

I'll answer for my colleague.
We'd like to use JSON Web Tokens (JWT) and extract the user roles from the
token.
The users are managed in an external system and similar to the LDAP
connection we want to avoid that every user has to be created/updated in
MarkLogic too.

Amps do not give the same flexibility as a temporary user with an arbitrary
combination of roles.

Thanks,
Andreas

2017-09-15 17:50 GMT+02:00 Justin Makeig <Justin.Makeig at marklogic.com>:

> Andreas,
> Rather than describe your solution, can you explain the problem you’re
> trying to solve? Why do you think you need a temporary user? What
> permission/privilege challenge are you trying to address?
>
> You might also take a look at amps <https://docs.marklogic.com/
> guide/admin/security#id_81246>. An amp allows a security administrator to
> elevate the privileges of a specific function. This is beneficial in that
> the security is defined in configuration, not code.
>
> Justin
>
>
> --
> Justin Makeig
> Senior Director, Product Management
> MarkLogic
> jmakeig at marklogic.com
>
>
>
> > On Sep 15, 2017, at 4:29 AM, Andreas Holzgethan <
> andreas.holzgethan at ebcont.com> wrote:
> >
> > Hi @all,
> >
> > I need the possibility to create temporary user for a transaction.
> > I just found in the documentation that such a functionality is used when
> for example LDAP is configured as an external security.
> >
> > Could you please explain me how this is done there?
> >
> > My thirst thought was to create a user with the function
> "sec:create-user-with-role". At the end of the transaction I would just
> call the function "sec:remove-user".
> > Could you please give me feedback about this implementation?
> > Is such a implementation a big influence on the performance?
> >
> > Thanks!
> >
> > Best regards
> > Andreas Holzgethan
> >
> > Andreas Holzgethan BSc.
> >
> > IT Consultant
>

-- 
Andreas Hubmer
Senior IT Consultant

EBCONT enterprise technologies GmbH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20170918/262f13f5/attachment.html 


More information about the General mailing list