SUMMARY:
Prior to MarkLogic 4.1-5, role-ids were randomly generated. We now use a hash algorithm that ensures that roles created with the same name will be assigned the same role-id. Attempting to migrate data from a forest created prior to MarkLogic 4.1-5 to a newer installation can cause the user to be met with a "role not defined" error. To work around this issue, we will need to create a new role with the role-id defined in the legacy system.
Procedure:
This process creates a new role with the same role-id from your legacy installation and assigns this old role to your new role with the correct name.
Step 1: Find the role-id of the legacy role. Run the following query against the security DB on the legacy server.
<code>
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at
"/MarkLogic/security.xqy";
let $role-name := "Enter Role Name Here"
return
/sec:role[./sec:role-name=$role-name]/sec:role-id/text()
</code>
Step 2: In the new environment, store the attached module at the following location on the host containing the security DB.
/opt/MarkLogic/Modules/role-edit/create-master-role.xqy
Step 3: Ensure that you have created the role on the new cluster.
Step 4: Run the following code against the new cluster's security DB. This will create a new role with the legacy role-id. Be sure to enter the role name, description, and role-id from Step 1.
<code>
xquery version "1.0-ml";
import module namespace cmr="http://role-edit.com/create-master-role" at
"/role-edit/create-master-role.xqy";
let $role-name := "ENTER ROLE NAME"
let $role-description := "ENTER ROLE DESCRIPTION"
let $legacy-role-id := 11658627418524087702 (: Replace this with the Role ID from Step 1:)
let $legacy-role := fn:concat($role-name,"-legacy")
let $legacy-role-create := cmr:create-role-with-id($legacy-role, $role-description, (), (), (), $legacy-role-id)
return
fn:concat("Inserted role named ",$legacy-role," with id of ",$legacy-role-id)
</code>
Step 5: Run the following code against the new cluster's security database to assign the legacy role to the new role.
<code>
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at
"/MarkLogic/security.xqy";
let $role-name := "ENTER ROLE NAME"
let $legacy-role := fn:concat($role-name,"-legacy")
return
(
(: sec:role-set-roles replaces the set of roles currently assigned to $role-name :)
sec:role-set-roles($role-name, ($legacy-role)),
"Assigned ",$legacy-role," role to ",$role-name," role"
)
</code>
You should now have a new role named [your-role]-legacy. This legacy role will contain the role-id from your legacy installation and will be assigned to [your-role] on the new installation. Legacy documents in your DB will now have the same rights they had in the legacy system.
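To confirm the result described above, the following query checks the outcome of Steps 4 and 5 on the new cluster's security DB. It is an added example, not part of the original article or the attached module; the role name and role-id are the same placeholders used in the steps, and the role-id is held as a string here so the comparison is exact.

```xquery
xquery version "1.0-ml";
(: Added verification example; run against the new cluster's security DB. :)
import module namespace sec="http://marklogic.com/xdmp/security" at
"/MarkLogic/security.xqy";

let $role-name := "ENTER ROLE NAME"
(: Role-id from Step 1, kept as a string so no numeric rounding can occur :)
let $expected-id := "11658627418524087702"
let $legacy-role := fn:concat($role-name, "-legacy")

(: Role-id actually stored for the -legacy role ("" if the role is missing) :)
let $actual-id := fn:string(/sec:role[sec:role-name = $legacy-role]/sec:role-id)
(: Every role carrying the legacy id; there should be exactly one :)
let $id-owners :=
  /sec:role[fn:string(sec:role-id) = $expected-id]/sec:role-name/fn:string(.)
(: Roles directly assigned to the new role :)
let $assigned := sec:role-get-roles($role-name)
return (
  if ($actual-id = $expected-id)
  then fn:concat("OK: ", $legacy-role, " has role-id ", $actual-id)
  else fn:concat("MISMATCH: ", $legacy-role, " has role-id '", $actual-id,
                 "', expected ", $expected-id),

  if (fn:count($id-owners) = 1)
  then "OK: the legacy role-id belongs to exactly one role"
  else fn:concat("CHECK: legacy role-id is held by ", fn:count($id-owners),
                 " roles: ", fn:string-join($id-owners, ", ")),

  if ($assigned = $legacy-role)
  then fn:concat("OK: ", $role-name, " includes ", $legacy-role)
  else fn:concat("MISSING: ", $legacy-role, " is not assigned to ", $role-name),

  (: Review this list: it is the full set of roles the new role now inherits :)
  fn:concat("Roles assigned to ", $role-name, ": ",
            fn:string-join($assigned, ", "))
)
```

Any line that does not start with "OK" means documents carrying the legacy role-id in their permissions will not resolve to the intended role, or that the role inherits more than expected.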