roxy icon indicating copy to clipboard operation
roxy copied to clipboard

Published 20 hours ago verified publisher icon marklogic-community

Protected Collections

Open prestonmcgowan opened this issue 11 years ago • 5 comments

Roxy does not allow for me to bootstrap a protected collection.

(sec:collection-add-permissions)

prestonmcgowan avatar Feb 21 '14 13:02 prestonmcgowan

Not sure if I'm hitting this or just not using the Roxy config files right.

I'm trying to configure protected collections at /configuration/collections and pointing to them via URI from a /configuration/roles/role/collections/collection:

I have the following in my ml-config.xml at /configuration/collections:

<collection>
  <uri>SomeCollectionURI</uri>
  <permissions>
    <permission>
      <capability>read</capability>
      <role-name>SomeUserRole</role-name>
    </permission>
  </permissions>
</collection>

And the following at a /configuration/roles/role:

<role>
  <role-name>SomeUserRole</role-name>
  <description>SomeDescription</description>
  <role-names/>
  <permissions/>
  <privileges/>
  <collections>
    <collection>SomeCollectionURI</collection>
  </collections>
</role>

Am I doing it wrong, or does this require an app_specific step at this point because it's not yet supported?

mflatscher avatar Feb 06 '15 02:02 mflatscher

Not supported yet. You could work around it with app_specific (you could share such code here for others), or help us implement it and do a pull-request.. ;-)

grtjn avatar Feb 06 '15 05:02 grtjn

When will this be supported? It's an important and a basic feature?

sashamitrovich avatar Aug 02 '16 07:08 sashamitrovich

Protected collections would make sense if you have an application or situation in which end users can randomly add documents to collections, and you would want to exclude the ability to add to some specific important ones. But usually end users can't add documents to collections themselves, or you can easily prefix those to prevent collision with others.

Protected collections also work differently than people usually think. It is not a convenient and easy way to change permissions for groups of documents for instance, and a document being in a protected collection won't prevent users that can't add documents to such collection from seeing them. The usefulness of protected collections is rather small, and it is not used that much at all..

grtjn avatar Aug 18 '16 07:08 grtjn

But if you are willing to edit deploy/lib/xquery/setup.xqy, I'd very much welcome a PR. I could support you with the editing if you like..

grtjn avatar Aug 18 '16 07:08 grtjn