ml-gradle icon indicating copy to clipboard operation
ml-gradle copied to clipboard

Published 20 hours ago verified publisher icon marklogic

Use privileges over roles in security scaffolding

Open dmcassel opened this issue 4 years ago • 4 comments

Describe the RFE

Exercising Privilege to Restrict Content talks about using privileges (like http://marklogic.com/xdmp/privileges/rest-reader) over roles (like rest-reader). I believe that's generally accepted guidance. Assuming so, I propose changing ml-gradle's scaffolding to set up the default roles to use privileges over roles.

dmcassel avatar Apr 20 '20 13:04 dmcassel

I think the title of this issue got it backwards.. :)

grtjn avatar Apr 21 '21 12:04 grtjn

You're right, @grtjn! fixed

dmcassel avatar Apr 21 '21 12:04 dmcassel

Removing from 4.3, but will get to this some day. PR would be appreciated!

rjrudin avatar Jul 21 '21 17:07 rjrudin

I'm short of spare time at the moment, but who knows. Do you have pointers to relevant code?

grtjn avatar Jul 21 '21 20:07 grtjn

I like doing this, as privileges really are the way to go. Can rethink the generated roles as well. No possibility for a breaking change here as the files are generated and then a user is free to modify them however they see fit.

rjrudin avatar Aug 09 '23 19:08 rjrudin

See https://github.com/marklogic/ml-app-deployer/pull/490

rjrudin avatar Sep 01 '23 14:09 rjrudin