-
Notifications
You must be signed in to change notification settings - Fork 0
Security
Roxy lets you configure your application's security, so that roles, users, privileges and amps get set up when you bootstrap. Here's how to work with each of them.
Roles are the foundation of security within MarkLogic. The default.properties file specifies an application-specific role that will be given the permissions and privileges needed to run your application and to read and update your data, as well as read and execute your modules.
# The role that is given permissions and execute privileges
app-role=${app-name}-role
To give it a different name, you can override this setting in build.properties.
The app-role's initial configuration is provided in ml-config.xml. Here are examples of adding more details to the default role configuration:
<sec:role>
<sec:role-name>@ml.app-role</sec:role-name>
<sec:description>A role for users of the @ml.app-name application</sec:description>
<sec:role-names>
<sec:role-name>some-role</sec:role-name>
</sec:role-names>
<sec:permissions>
<sec:permission>
<sec:role-name>some-role</sec:role-name>
<sec:capability>read</sec:capability>
</sec:permission>
</sec:permissions>
<sec:collections>
<sec:collection>junk</sec:collection>
</sec:collections>
<sec:privileges>
<sec:privilege>
<sec:privilege-name>xdmp:add-response-header</sec:privilege-name>
</sec:privilege>
<sec:privilege>
<sec:privilege-name>unprotected-uri</sec:privilege-name>
</sec:privilege>
<sec:privilege>
<sec:privilege-name>user-get-roles</sec:privilege-name>
</sec:privilege>
<sec:privilege>
<sec:privilege-name>xdmp:eval</sec:privilege-name>
</sec:privilege>
<sec:privilege>
<sec:privilege-name>xdmp:eval-in</sec:privilege-name>
</sec:privilege>
<sec:privilege>
<sec:privilege-name>xdmp:invoke</sec:privilege-name>
</sec:privilege>
<sec:privilege>
<sec:privilege-name>xdmp:invoke-in</sec:privilege-name>
</sec:privilege>
<sec:privilege>
<sec:privilege-name>xdmp:value</sec:privilege-name>
</sec:privilege>
</sec:privileges>
</sec:role>
You can additional sec:role elements to define more roles.
In an application with application-layer security, you will need to select a default user. Choosing admin effectively turns off security. You can use the built-in "nobody" user, but you might need a different set of privileges. Rather than potentially affecting other applications on the server, it's better to set up your own roles and create your own user. The default user is set in build.properties:
#
# The user used as the default user in application level authentication.
# Using the admin user as the default user is equivalent to turning security off.
#
# default-user=${app-name}-user
The property is initially commented out, but to change it, you can un-comment it and set it to whatever name you like. Your ml-config.xml file has examples of adding roles. To set permissions and collections at the user level, follow the same format used to set them for roles.
You may have noticed that privileges are referred to by name only in the role definition section above. Your application may need both built-in privileges and custom privileges for your application. Custom privileges are defined under /configuration/sec:privileges -- these privileges will be created with bootstrap and destroyed with wipe.