[MarkLogic Dev General] Create temporary user

Andreas Hubmer andreas.hubmer at ebcont.com
Mon Sep 18 01:53:24 PDT 2017


No, it has to be JWT. As I understand it, they are not compatible.


2017-09-18 10:09 GMT+02:00 Geert Josten <Geert.Josten at marklogic.com>:

> Could SAML authorization be of use to you? http://docs.marklogic.com
> /guide/security/external-auth#id_81653
>
> SAML support was added in MarkLogic 9.
>
> Cheers,
> Geert
>
> From: <general-bounces at developer.marklogic.com> on behalf of Andreas
> Hubmer <andreas.hubmer at ebcont.com>
> Reply-To: MarkLogic Developer Discussion <general at developer.marklogic.com>
> Date: Monday, September 18, 2017 at 9:07 AM
> To: MarkLogic Developer Discussion <general at developer.marklogic.com>
> Subject: Re: [MarkLogic Dev General] Create temporary user
>
> Justin,
>
> I'll answer for my colleague.
> We'd like to use JSON Web Tokens (JWT) and extract the user roles from the
> token.
> The users are managed in an external system and similar to the LDAP
> connection we want to avoid that every user has to be created/updated in
> MarkLogic too.
>
> Amps do not give the same flexibility as a temporary user with an
> arbitrary combination of roles.
>
> Thanks,
> Andreas
>
> 2017-09-15 17:50 GMT+02:00 Justin Makeig <Justin.Makeig at marklogic.com>:
>
>> Andreas,
>> Rather than describe your solution, can you explain the problem you’re
>> trying to solve? Why do you think you need a temporary user? What
>> permission/privilege challenge are you trying to address?
>>
>> You might also take a look at amps <https://docs.marklogic.com/gu
>> ide/admin/security#id_81246>. An amp allows a security administrator to
>> elevate the privileges of a specific function. This is beneficial in that
>> the security is defined in configuration, not code.
>>
>> Justin
>>
>>
>> --
>> Justin Makeig
>> Senior Director, Product Management
>> MarkLogic
>> jmakeig at marklogic.com
>>
>>
>>
>> > On Sep 15, 2017, at 4:29 AM, Andreas Holzgethan <
>> andreas.holzgethan at ebcont.com> wrote:
>> >
>> > Hi @all,
>> >
>> > I need the possibility to create temporary user for a transaction.
>> > I just found in the documentation that such a functionality is used
>> when for example LDAP is configured as an external security.
>> >
>> > Could you please explain me how this is done there?
>> >
>> > My thirst thought was to create a user with the function
>> "sec:create-user-with-role". At the end of the transaction I would just
>> call the function "sec:remove-user".
>> > Could you please give me feedback about this implementation?
>> > Is such a implementation a big influence on the performance?
>> >
>> > Thanks!
>> >
>> > Best regards
>> > Andreas Holzgethan
>> >
>> > Andreas Holzgethan BSc.
>> >
>> > IT Consultant
>>
>
> --
> Andreas Hubmer
> Senior IT Consultant
>
> EBCONT enterprise technologies GmbH
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20170918/a7631ed8/attachment-0001.html 


More information about the General mailing list