如何授予http://marklogic.com/xdmp/privileges/get-role特权? [英] How to grant http://marklogic.com/xdmp/privileges/get-role privilege?

问题描述

我正在拨打sec:role-exists().我试图弄清楚需要什么权限才能将此功能授予管理员以外的其他人.我返回的错误表示我需要 http://marklogic.com/xdmp/privileges/获得角色权限.

I am making a call to sec:role-exists(). I am trying to figure out what permissions are needed to grant this ability to someone other than admin. The error I am getting back implies that I need the http://marklogic.com/xdmp/privileges/get-role privilege.

SEC-PRIVDNE: xdmp:security-assert("http://marklogic.com/xdmp/privileges/get-role", "execute") -- Privilege does not exist: action(http://marklogic.com/xdmp/privileges/get-role), kind(execute)

但是，当我尝试使用管理员帐户通过sec:privilege-add-roles授予此角色时，它告诉我该特权不存在.

However, when I try to grant this role using the admin account via sec:privilege-add-roles, it tells me that the privilege does not exist.

[1.0-ml] SEC-PRIVDNE: (err:FOER0000) Privilege does not exist: action(http://marklogic.com/xdmp/privileges/get-role), kind(execute)

有什么想法吗?

这是我用来授予代码的代码段，我以admin身份运行.

Here is a snippet of the code I am using to grant, which I am running as admin.

(: grant the needed privileges to the role :)
let $grant_privs :=
xdmp:invoke-function(
  function() {
    let $required_roles := (
      "http://marklogic.com/xdmp/privileges/create-role",
      "http://marklogic.com/xdmp/privileges/remove-role",
      "http://marklogic.com/xdmp/privileges/get-role-ids",
      "http://marklogic.com/xdmp/privileges/get-role-names",
      "http://marklogic.com/xdmp/privileges/get-role",
      "http://marklogic.com/xdmp/privileges/xdmp-invoke-in",
      "http://marklogic.com/xdmp/privileges/xdmp-invoke"
    )

    return
      for $r in $required_roles
        return
          sec:privilege-add-roles(
            $r,
            "execute",
            "auth-lib"
          )
  },
  <options xmlns="xdmp:eval">
    <database>{ xdmp:security-database() }</database>
    <transaction-mode>update-auto-commit</transaction-mode>
    <isolation>different-transaction</isolation>
  </options>
)

推荐答案

实际上是在安装时未创建特权的错误.在下一个版本中将对此进行补救，但是在此期间，您可以在安全性数据库中手动创建它.

It's actually a bug that the privilege wasn't created at installation. This will be remedied in the next release, but in the interim you can create it in your security database manually.

sec:create-privilege(
  "role-exists",
  "http://marklogic.com/xdmp/privileges/get-role",
  "execute",
  "security")

这篇关于如何授予http://marklogic.com/xdmp/privileges/get-role特权?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！