2
votes

I have a MarkLogic cluster (v8) with several databases and users. I want to create specific permissions for each user (like grant permissions in SQL), for example:

- User "project1-reader" can only read on database "project1"
- User "project1-writer" can only read and write on database "project1"
- User "project1-admin" can administrate database "project1"

and all these users cannot access the "project2" database.

Any idea? :)

Thank you! Romain.

1
At the time of document ingestion into ML databases you can set role-wise permission (read, write etc). This may help you to control role-wise database functionalities. - Navin Rawat

1 Answer

3
votes

A database can only be accessed externally through an app server. An app server allows an administrator to configure a privilege that’s required to access it. (Privileges are associated with roles and a user has zero or more roles.) There’s not currently a way to restrict this at the database level. I’ve added your request to an existing enhancement request that we’re using to track this.

From within code running in an app server, xdmp:eval or xdmp:invoke also allow you to run code in the context of another database. However, only users with roles that have specific eval privileges are able to change the database context. That is not the default setting and must be explicitly granted (or amped) by an administrator. Again, this isn't more granular than any or none. Take a look at the “Security Guide” for more information.