The instructions may be a little out of date. But with 7.0-4 I needed these:
xdmp:document-get xdmp:eval xdmp:filesystem-directory xdmp:filesystem-file-exists xdmp:invoke xdmp:xslt-invoke I didn't need xdmp:filesystem-file, at least not for the tests I ran. One debugging trick for security is to use the "Describe" tab for the role and user. That shows a compact view of all the grants, which makes it easier to see if anything's missing. I copied the list above directly from the Describe tab for my xray user. -- Mike > On 17 Dec 2014, at 10:26 , Christine Schwartz <[email protected]> > wrote: > > Hi, > > Our developer is trying out xray, the XQuery test framework, and I've run > into a security problem. > > According to the documentation the user needs a role with several execute > privileges: xdmp:eval, xdmp:filesystem-directory, xdmp:filesystem-file, > xdmp:invoke, xdmp:xslt-invoke. Our code is not in the modules db. > > So, I've create a new role with these privileges and assigned that role to > the user, no problem. > > But we keep getting the same error message: > > 500 Internal Server Error > SEC-PRIV: xdmp:filesystem-directory("Apps/theocom-maggie/app/test") -- Need > privilege: http://marklogic.com/xdmp/privileges/xdmp-filesystem-directory > > in /xray/src/modules-filesystem.xqy, at 42:19, > in filesystem-directory-exists("Apps/theocom-maggie/app/test") [1.0-ml] > > $dir = "Apps/theocom-maggie/app/test" > > in /xray/src/modules-filesystem.xqy, at 16:8, > in modules-fs:get-modules("test", "") [1.0-ml] > > $test-dir = "test" > $pattern = "" > $test-dir = "test" > $fs-dir = "Apps/theocom-maggie/app/test" > > in /xray/src/modules.xqy, at 22:9, > in modules:get-modules("test", "") [1.0-ml] > > $test-dir = "test" > $pattern = "" > > in /xray/src/xray.xqy, at 17:32, > in xray:run-tests("test", (), (), "html") [1.0-ml] > > $test-dir = "test" > $module-pattern = () > $test-pattern = () > $format = "html" > > in /xray/, at 18:0 [1.0-ml] > > > > Any ideas where I'm going wrong? > > Thanks, > > Chris > > Christine Schwartz > Metadata Librarian and XML Database Administrator > Princeton Theological Seminary Library > > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
