Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use privileges over roles in security scaffolding #546

Closed
dmcassel opened this issue Apr 20, 2020 · 6 comments
Closed

Use privileges over roles in security scaffolding #546

dmcassel opened this issue Apr 20, 2020 · 6 comments
Labels
help wanted
Milestone
4.6.0

Comments

@dmcassel
Copy link
Contributor

Describe the RFE

Exercising Privilege to Restrict Content talks about using privileges (like http://marklogic.com/xdmp/privileges/rest-reader) over roles (like rest-reader). I believe that's generally accepted guidance. Assuming so, I propose changing ml-gradle's scaffolding to set up the default roles to use privileges over roles.
@rjrudin rjrudin added this to the 4.2.0 milestone Dec 10, 2020
@grtjn
Copy link

grtjn commented Apr 21, 2021

I think the title of this issue got it backwards.. :)

@dmcassel dmcassel changed the title Use roles over privileges in security scaffolding Use privileges over roles in security scaffolding Apr 21, 2021
@dmcassel
Copy link
Contributor Author

You're right, @grtjn! fixed

@rjrudin rjrudin modified the milestones: 4.2.0, 4.3.0 May 28, 2021
@rjrudin rjrudin removed this from the 4.3.0 milestone Jul 21, 2021
@rjrudin
Copy link
Contributor

rjrudin commented Jul 21, 2021

Removing from 4.3, but will get to this some day. PR would be appreciated!

@grtjn
Copy link

grtjn commented Jul 21, 2021

I'm short of spare time at the moment, but who knows. Do you have pointers to relevant code?

@rjrudin rjrudin added this to the 4.6.0 milestone Aug 9, 2023
@rjrudin
Copy link
Contributor

rjrudin commented Aug 9, 2023

I like doing this, as privileges really are the way to go. Can rethink the generated roles as well. No possibility for a breaking change here as the files are generated and then a user is free to modify them however they see fit.

@rjrudin
Copy link
Contributor

rjrudin commented Sep 1, 2023

See marklogic/ml-app-deployer#490

@rjrudin rjrudin closed this as completed Sep 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
4.6.0
Development

No branches or pull requests
3 participants
@grtjn @dmcassel @rjrudin