Thank you! I’m still getting the same permission denied exception, but I’ll amp those functions to the pipeline-execution role.
> On Dec 2, 2015, at 2:00 PM, [email protected] wrote: > > Send General mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://developer.marklogic.com/mailman/listinfo/general > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of General digest..." > > > Today's Topics: > > 1. CPF and limited-privilege users (Katherine Ford) > 2. Re: CPF and limited-privilege users (Mary Holstege) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 2 Dec 2015 19:31:58 +0000 > From: Katherine Ford <[email protected]> > Subject: [MarkLogic Dev General] CPF and limited-privilege users > To: "[email protected]" > <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > An HTML attachment was scrubbed... > URL: > http://developer.marklogic.com/pipermail/general/attachments/20151202/5df56c7e/attachment-0001.html > > > ------------------------------ > > Message: 2 > Date: Wed, 2 Dec 2015 11:46:24 -0800 > From: Mary Holstege <[email protected]> > Subject: Re: [MarkLogic Dev General] CPF and limited-privilege users > To: "[email protected]" > <[email protected]>, Katherine Ford > <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset="utf-8"; format=flowed; delsp=yes > > On Wed, 02 Dec 2015 11:31:58 -0800, Katherine Ford <[email protected]> > wrote: > >> I have a CPF domain that includes some documents inserted via XCC. XCC >> uses >> credentials for a limited user, and the XCC request calls an amped >> function to >> insert the documents. When the documents are inserted, >> cpf/triggers/on-create.xqy >> is triggered, and fails (SEC-PERMDENIED), because it is evaluated as the >> limited >> user without the privileges to change the documents? properties. >> >> >> Is there a safe way to amp the functions in cpf.xqy that set document >> properties, >> or some other workaround for when the user who loads a document only has >> the >> privileges to modify the document temporarily? Any ideas? >> >> >> -Katherine > > > You should give your limited user the pipeline-execution role - this > already has a bunch of amps for various privileged operations CPF uses. If > there are other functions that you need to amp, I would amp them to that > role. > > //Mary > > > ------------------------------ > > _______________________________________________ > General mailing list > [email protected] > Manage your subscription at: > http://developer.marklogic.com/mailman/listinfo/general > > > End of General Digest, Vol 138, Issue 4 > *************************************** _______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
