Here's what I'd suggest, if I understand your needs correctly: Create a new "public" role and user (not inheriting any other role). Give the role whatever privs are necessary (set response headers, etc). Give the role read perms on every document they should see. Create a library that does the logging via database writes. Use "amps" on the library so the user can call the library to do the writes but only in a managed way.
Result: Users in this role can see everything, change nothing on their own, but still log queries and errors via calls to your code. -jh- On Jul 19, 2011, at 2:10 PM, Tim Finney wrote: > Hi All, > > Further to the other messages of today relating to user credentials, I > want to use xqmvc as a pattern for an app which will allow lots of > nobodies to search and see documents in a database. The nobodies should > not have to log in to do this. These nobodies may even need to trigger > database updates (e.g. so that their search strings and error reports > can be recorded). > > Also, I wouldn't mind knowing the recommended set up for an app based on > xqmvc that, say, asks a series of questions to log in a user. (Having to > give the nobody user the admin role so that the log in dialog can be > served doesn't seem like a good idea.) > > Is there a how-to that says what is the best way to do this with ML? > (I'd love to see a "Suggested security patterns for common use cases" > recipe doc.) I have seen this thread mentioned earlier today: > > http://marklogic.markmail.org/thread/qksxukhdbdri6ozx > > I also saw Justin Makeig's reply to Manoj, which gives me a clue about > how to do the "many nobodies" case above. > > Best, > > Tim Finney > > _______________________________________________ > General mailing list > General@developer.marklogic.com > http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list General@developer.marklogic.com http://developer.marklogic.com/mailman/listinfo/general
