[MarkLogic Dev General] Create temporary user
andreas.hubmer at ebcont.com
Mon Sep 18 01:53:24 PDT 2017
No, it has to be JWT. As I understand it, they are not compatible.
2017-09-18 10:09 GMT+02:00 Geert Josten <Geert.Josten at marklogic.com>:
> Could SAML authorization be of use to you? http://docs.marklogic.com
> SAML support was added in MarkLogic 9.
> From: <general-bounces at developer.marklogic.com> on behalf of Andreas
> Hubmer <andreas.hubmer at ebcont.com>
> Reply-To: MarkLogic Developer Discussion <general at developer.marklogic.com>
> Date: Monday, September 18, 2017 at 9:07 AM
> To: MarkLogic Developer Discussion <general at developer.marklogic.com>
> Subject: Re: [MarkLogic Dev General] Create temporary user
> I'll answer for my colleague.
> We'd like to use JSON Web Tokens (JWT) and extract the user roles from the
> The users are managed in an external system and similar to the LDAP
> connection we want to avoid that every user has to be created/updated in
> MarkLogic too.
> Amps do not give the same flexibility as a temporary user with an
> arbitrary combination of roles.
> 2017-09-15 17:50 GMT+02:00 Justin Makeig <Justin.Makeig at marklogic.com>:
>> Rather than describe your solution, can you explain the problem you’re
>> trying to solve? Why do you think you need a temporary user? What
>> permission/privilege challenge are you trying to address?
>> You might also take a look at amps <https://docs.marklogic.com/gu
>> ide/admin/security#id_81246>. An amp allows a security administrator to
>> elevate the privileges of a specific function. This is beneficial in that
>> the security is defined in configuration, not code.
>> Justin Makeig
>> Senior Director, Product Management
>> jmakeig at marklogic.com
>> > On Sep 15, 2017, at 4:29 AM, Andreas Holzgethan <
>> andreas.holzgethan at ebcont.com> wrote:
>> > Hi @all,
>> > I need the possibility to create temporary user for a transaction.
>> > I just found in the documentation that such a functionality is used
>> when for example LDAP is configured as an external security.
>> > Could you please explain me how this is done there?
>> > My thirst thought was to create a user with the function
>> "sec:create-user-with-role". At the end of the transaction I would just
>> call the function "sec:remove-user".
>> > Could you please give me feedback about this implementation?
>> > Is such a implementation a big influence on the performance?
>> > Thanks!
>> > Best regards
>> > Andreas Holzgethan
>> > Andreas Holzgethan BSc.
>> > IT Consultant
> Andreas Hubmer
> Senior IT Consultant
> EBCONT enterprise technologies GmbH
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the General