Solutions

Stay on top of everything MarkLogic

Be the first to know! News, product information, and events delivered straight to your inbox.

Sign Me Up

Learn

Stay on top of everything MarkLogic

Be the first to know! News, product information, and events delivered straight to your inbox.

Sign Me Up

Community

Stay on top of everything MarkLogic

Be the first to know! News, product information, and events delivered straight to your inbox.

Sign Me Up

Company

Stay on top of everything MarkLogic

Be the first to know! News, product information, and events delivered straight to your inbox.

Sign Me Up

 
Knowledgebase:
Read only Access User for Webdav
31 March 2015 02:04 PM

Introduction

This article presents the steps to create a Read only Access User and a full access user to a Webdav Server.

Details

For read-only WebDAV access you can connect to WebDAV using the credentials of a user who does not have the rights to insert/update documents. This can be accomplished by creating a user and assigning roles to them through steps given below.

1. If one does not already exist, create a WebDAV server (Instructions available in the MarkLogic Server Administrators Guide)

  • leave default user to "nobody", and 
  • leave required privilege empty

2. Create a role - for the purpose of these instructions, call the new role "Read_only_Access" 

  • After you have entered a name for the new role (Read-Only-Access),  refresh the page and scroll to the "Default Permissions" section near the end of the page. The default permissions section will allow you to assign a capability to a particular role. In this case, we would select the "Read-Only-Access" role from the role drop down as well as the "read" capability.

3. Create a user and grant that user the "Read_only_Access" role.

4. Create another role - for the purpose of these instructions, call the new role "Write_only_Access"

  • After you have entered a name for the new role (Write_only_Access), you can refresh the page and scroll to the "Default Permissions" section near the end of the page. The default permissions section will allow you to assign a capability to a particular role. In this case, we would select the "Write_only_Access" role from the role drop down as well as the "read", "insert","execute" and "update"capabilities.

5. Create another user and grant that user the "Write_only_Access" role.

6. Set permission on the "/" directory so the "Read_only_Access" / "Write_only_Access" role can view/make changes respectivley.  This can also be accomplished by code as well.

   xdmp:document-add-permissions("/",xdmp:permission("Read_only_Access","read"))

  xdmp:document-add-permissions("/",xdmp:permission("Write_only_Access",("read", "insert","execute","update"))

7. When you connect to a WebDAV client, both user will be able to view the root "/" directory, but cannot create files or folders. For this you will need to create a URI privilege for the "/" URI and add the  "Write_only_Access" role.

Now the "Read_only" user can read those documents, and the "Write_only" user can both read and update the documents.

Existing Documents

While the user just created will have expected access to all the new documents, for previously existing documents in the database you will need to add the read permission to the documents contained in your database. This can be accomplished with xdmp:document-add-permission().

For example:
    xdmp:document-add-permissions("/example.xml", xdmp:permission("Read_only_Access", "read"))

MarkLogic Documentation

For more details on how to manage security. please refer to the Security Administration section of our Administrators Guide.

 

 

 

 

(1 vote(s))
Helpful
Not helpful

Comments (0)