Plan Roles and Privileges
Depending on your security requirements and the structure of your enterprise or organization, plan the roles and privileges that make the most sense.
Determine the level of granularity with which you need to protect objects in the database.
Determine how you want to group privileges together in roles.
Create needed URI and execute privileges.
Create roles.
Create users.
Assign users to roles.
Set default permissions for users, either indirectly through roles or directly through the users.
Protect code with
xdmp:security-assert
functions, where needed.Load your documents with the appropriate permissions. If needed, change the permissions of existing documents using the
xdmp:document-add-permissions
,xdmp:document-set-permissions
, andxdmp:document-remove-permissions
functions.Assign access privileges to HTTP, WebDAV, ODBC, and XDBC servers as needed.