data-explorer icon indicating copy to clipboard operation
data-explorer copied to clipboard

Published 20 hours ago verified publisher icon marklogic-community

MANAGE-INVALIDCONFIG: Invalid privilege

Open cskeefer opened this issue 6 years ago • 2 comments

When deploying the application to a MarkLogic 8 instance (8.0-6.7) I am receiving the following error when the role defined in ml-config/security/roles/data-explorer-ext-amp-role.json is attempted to be created:

2018-03-18 06:17:51.142 Info: Manage: MANAGE-INVALIDCONFIG: (err:FOER0000) Invalid server configuration: Invalid privilege 2018-03-18 06:17:51.142 Info: Manage: 387:16:/MarkLogic/manage/endpoints/security/roles.xqy 2018-03-18 06:17:51.142 Debug: Manage: <error:error xsi:schemaLocation="http://marklogic.com/xdmp/error error.xsd" xmlns:error="http://marklogic.com/xdmp/error" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 2018-03-18 06:17:51.142 Debug: Manage: error:codeMANAGE-INVALIDCONFIG</error:code> 2018-03-18 06:17:51.142 Debug: Manage: error:nameerr:FOER0000</error:name> 2018-03-18 06:17:51.142 Debug: Manage: error:xquery-version1.0-ml</error:xquery-version> 2018-03-18 06:17:51.142 Debug: Manage: error:messageInvalid server configuration: </error:message> 2018-03-18 06:17:51.142 Debug: Manage: error:format-stringMANAGE-INVALIDCONFIG: (err:FOER0000) Invalid server configuration: Invalid privilege</error:format-string> 2018-03-18 06:17:51.142 Debug: Manage: error:retryablefalse</error:retryable> 2018-03-18 06:17:51.142 Debug: Manage: error:expr </error:expr> 2018-03-18 06:17:51.142 Debug: Manage: error:data 2018-03-18 06:17:51.142 Debug: Manage: error:datumInvalid privilege</error:datum> 2018-03-18 06:17:51.142 Debug: Manage: </error:data> 2018-03-18 06:17:51.142 Debug: Manage: error:stack 2018-03-18 06:17:51.142 Debug: Manage: error:frame 2018-03-18 06:17:51.142 Debug: Manage: error:uri/MarkLogic/manage/endpoints/security/roles.xqy</error:uri> 2018-03-18 06:17:51.142 Debug: Manage: error:line387</error:line> 2018-03-18 06:17:51.142 Debug: Manage: error:column16</error:column> 2018-03-18 06:17:51.142 Debug: Manage: error:operationroles:do-create(map:map(<map:map xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" .../>), <role-properties xmlns="http://marklogic.com/manage/role/properties">...</role-properties>)</error:operation> 2018-03-18 06:17:51.142 Debug: Manage: error:variables 2018-03-18 06:17:51.142 Debug: Manage: error:variable

ML8 doesn't seem to know about the privilege term-query.

Note: I upgraded to MarkLogic 8.0-8.1 and see the same issue

cskeefer avatar Apr 30 '18 22:04 cskeefer

The problem is the following execute privileges in ml-config/security/roles/data-explorer-ext-amp-role.json are new in ML9 (so not available in ML8):

{
    "privilege-name": "cts:term-query",
    "action": "http://marklogic.com/xdmp/privileges/term-query",
    "kind": "execute"
}

{
    "privilege-name" : "admin-database",
    "action" : "http://marklogic.com/xdmp/privileges/admin/database",
    "kind" : "execute"
}

The first allows access to cts:term-query which is used to get the list of root elements in the database. That is used when creating a query based on documents in the database.

The second is used to get range indexes that help in figuring out type info for a search field.

Unless anyone has another suggestion, I'll make similarly named execute privileges that will mirror these two and work in both ML8 and ML9.

cskeefer avatar Aug 02 '18 14:08 cskeefer

Rather than solution described above, added a gradle-ml8.properties file to handle it. See the associated pull request #175

cskeefer avatar Oct 27 '18 13:10 cskeefer