Justin, I'll answer for my colleague. We'd like to use JSON Web Tokens (JWT) and extract the user roles from the token. The users are managed in an external system and similar to the LDAP connection we want to avoid that every user has to be created/updated in MarkLogic too.
Amps do not give the same flexibility as a temporary user with an arbitrary combination of roles. Thanks, Andreas 2017-09-15 17:50 GMT+02:00 Justin Makeig <[email protected]>: > Andreas, > Rather than describe your solution, can you explain the problem you’re > trying to solve? Why do you think you need a temporary user? What > permission/privilege challenge are you trying to address? > > You might also take a look at amps <https://docs.marklogic.com/ > guide/admin/security#id_81246>. An amp allows a security administrator to > elevate the privileges of a specific function. This is beneficial in that > the security is defined in configuration, not code. > > Justin > > > -- > Justin Makeig > Senior Director, Product Management > MarkLogic > [email protected] > > > > > On Sep 15, 2017, at 4:29 AM, Andreas Holzgethan < > [email protected]> wrote: > > > > Hi @all, > > > > I need the possibility to create temporary user for a transaction. > > I just found in the documentation that such a functionality is used when > for example LDAP is configured as an external security. > > > > Could you please explain me how this is done there? > > > > My thirst thought was to create a user with the function > "sec:create-user-with-role". At the end of the transaction I would just > call the function "sec:remove-user". > > Could you please give me feedback about this implementation? > > Is such a implementation a big influence on the performance? > > > > Thanks! > > > > Best regards > > Andreas Holzgethan > > > > Andreas Holzgethan BSc. > > > > IT Consultant > -- Andreas Hubmer Senior IT Consultant EBCONT enterprise technologies GmbH
_______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
