Fiona Chen

Reputation: 1368

MarkLogic Element Security, from ambiguity to clarity

User: auditor

Role: rest-reader rest-writer

Path Expression: /national-treasure/revenue
Permissions: pii-reader (update), pii-reader (read)

I confirmed that auditor can’t read the /national-treasure/revenue element. But it can delete this document:

Jul 06, 2020 4:48:52 PM com.fc.allegro6.DeleteDocument deleteDocument
INFO: Delete Document /national-treasure/rocky-mountains.xml
Jul 06, 2020 4:48:52 PM com.marklogic.client.impl.DocumentManagerImpl delete
INFO: Deleting /national-treasure/rocky-mountains.xml
Deleted

I wonder whether a document can be safeguarded from update (delete) through element security or privilege.

pii-reader with read permission can update the protected path:

User: auditor

Role: pii-reader

Path Expression: /national-treasure/revenue
Permissions: pii-reader (read)

original node:

     <established>1885-01-01</established>
   </highlights>
   <revenue>CAN$6 billion/annual</revenue>
</national-treasure>

node-replace:

let $txn := "xquery version '1.0-ml';
             xdmp:node-replace(//revenue, <revenue>CAN$7 Trillion/annual</revenue>)"
……………………………
  <user-id>{xdmp:user("auditor")}</user-id>

node-replace result:

     <established>1885-01-01</established>
   </highlights>
   <revenue>CAN$7 Trillion/annual</revenue>
</national-treasure>

Similarly, node-delete goes through as well.

Upvotes: 1

Views: 56

Answers (1)

grtjn

Reputation: 20414

Unfortunately, Element Level Security only concerns read access to elements and properties in protected paths. You would have to work with document-level permissions to prevent deletion in case there is PII involved.

I could imagine you have a compartmented role called pii-updater. Users would then need to have that role to be able to update or delete the document.

HTH!

Upvotes: 3
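
One way to apply the document-level approach from the answer, shown as an added example that is not part of the original answer. It assumes a role named pii-updater (the name suggested in the answer) already exists, that the code runs as an administrative user, and that it is tried on a test copy of the document, since the last statement attempts a real delete.

```xquery
xquery version "1.0-ml";

(: Statement 1: replace the document's permissions so that only
   pii-updater holds the update capability. Assumption: rest-reader
   keeps read so the auditor user from the question can still read. :)
declare variable $uri := "/national-treasure/rocky-mountains.xml";

xdmp:document-set-permissions($uri, (
  xdmp:permission("rest-reader", "read"),
  xdmp:permission("pii-updater", "read"),
  xdmp:permission("pii-updater", "update")
));

xquery version "1.0-ml";

(: Statement 2: list the permissions now stored on the document.
   No entry with the update capability should remain for a role
   that auditor holds. :)
declare variable $uri := "/national-treasure/rocky-mountains.xml";

xdmp:document-get-permissions($uri);

xquery version "1.0-ml";

(: Statement 3: attempt the delete as auditor, using the same
   user-id eval option as the question. The delete is expected to
   raise a security error, which is caught and reported. :)
declare variable $uri := "/national-treasure/rocky-mountains.xml";

try {
  xdmp:eval(
    'xquery version "1.0-ml";
     declare variable $uri as xs:string external;
     xdmp:document-delete($uri)',
    (xs:QName("uri"), $uri),
    <options xmlns="xdmp:eval">
      <user-id>{xdmp:user("auditor")}</user-id>
    </options>),
  "UNEXPECTED: auditor was able to delete the document"
} catch ($e) {
  fn:concat("delete denied for auditor: ", $e/error:code)
}
```

Because xdmp:document-set-permissions replaces the whole permission set, any role that should keep access has to be listed again in the call.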
