romain-nio

Reputation: 1205

How to restrict user to its own database

I have a MarkLogic cluster (v8) with several databases and users. I want to create specific permissions for each user (like grant permissions in SQL), for example:

- User "project1-reader" can only read on database "project1"
- User "project1-writer" can only read and write on database "project1"
- User "project1-admin" can administrate database "project1"

and all these users cannot access the "project2" database.

Any idea? :)

Thank you! Romain.

Upvotes: 2

Views: 271

Answers (1)

Justin Makeig

Reputation: 2137

A database can only be accessed externally through an app server. An app server allows an administrator to configure a privilege that’s required to access it. (Privileges are associated with roles and a user has zero or more roles.) There’s not currently a way to restrict this at the database level. I’ve added your request to an existing enhancement request that we’re using to track this.

From within code running in an app server, xdmp:eval or xdmp:invoke also allow you to run code in the context of another database. However, only users with roles that have specific eval privileges are able to change the database context. That is not the default setting and must be explicitly granted (or amped) by an administrator. Again, this isn't more granular than any or none. Take a look at the “Security Guide” for more information.

Upvotes: 3
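The app-server privilege mechanism described in the answer can be sketched as follows. This is an added example, not code from the answer or from MarkLogic. It assumes one app server per project (here a hypothetical "project1-http" in group "Default", already bound to database "project1"), that the users from the question already exist, and that it is run against the Security database by an administrator; the role names and the privilege URI are made up for illustration.

```xquery
xquery version "1.0-ml";
(: Statement 1: one role per access level. Names are hypothetical. :)
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

sec:create-role("project1-reader-role", "May reach the project1 app server", (), (), ()),
sec:create-role("project1-writer-role", "May reach the project1 app server", (), (), ())
;

xquery version "1.0-ml";
(: Statement 2: a custom execute privilege held only by the project1 roles,
   then attach those roles to the existing users from the question.
   None of the eval privileges the answer mentions are granted, so code
   run by these users cannot switch to another database context. :)
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

sec:create-privilege(
  "project1-access",
  "http://example.com/privileges/project1-access",  (: hypothetical URI :)
  "execute",
  ("project1-reader-role", "project1-writer-role")),
sec:user-add-roles("project1-reader", "project1-reader-role"),
sec:user-add-roles("project1-writer", "project1-writer-role")
;

xquery version "1.0-ml";
(: Statement 3: require that privilege on the project1 app server.
   Users whose roles lack it (for example project2 users) are refused. :)
import module namespace admin = "http://marklogic.com/xdmp/admin"
  at "/MarkLogic/admin.xqy";

let $config := admin:get-configuration()
let $group  := admin:group-get-id($config, "Default")
let $server := admin:appserver-get-id($config, $group, "project1-http")
let $priv   := xdmp:privilege(
                 "http://example.com/privileges/project1-access", "execute")
return
  admin:save-configuration(
    admin:appserver-set-privilege($config, $server, $priv))
```

Repeating the same pattern with a separate privilege and app server for "project2" keeps each set of users on its own entry point; as the answer notes, this gates access at the app server, not at the database itself.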
