Loading TOC...
Content Processing Framework Guide (PDF)

Content Processing Framework Guide — Chapter 7

Security Considerations With Content Processing

This chapter describes security considerations to be aware of when using the MarkLogic Server Content Processing Framework, and includes the following sections:

Security Requirements for Users Who Create or Modify Documents

When a document is loaded into a database, the user who loads the document must possess the appropriate privileges to create and/or modify the document. This is true in any application, including a content processing application.

For example, if a content processing application has users who add documents to a database via a WebDAV client, then the user who accesses the WebDAV client must be granted a role with the necessary permissions and privileges to create documents in the context defined by the WebDAV configuration. For details on roles, permissions, and privileges, see Security Guide.

Security Requirements When Modules Perform Privileged Operations

Any modules that are invoked by content processing applications will evaluate as the user who made the change to the document. If that user does not have the privilege to perform the operations in the invoked XQuery module, the module transaction will fail.

Certain MarkLogic Server operations require privileges to execute. For example, xdmp:email, xdmp:eval, xdmp:eval-in, xdmp:invoke, and xdmp:invoke-in all require that users possess their corresponding execute privileges. Therefore, if your modules perform any privileged operations, you either need to deal with the privileges in the XQuery code (with an amp, for example), grant your users a role with the required privileges, or handle the exceptions for unprivileged users in your XQuery code. The pipeline-execution role, predefined in the server, is used (with an amp) to allow users to run the xdmp:eval and xdmp:invoke functions in certain contexts in the content processing code.

Security Roles for Managing Content Processing

MarkLogic Server includes the following pre-defined roles for managing content processing applications:

  • pipeline-execution

    Used in the XQuery code to allow any user (who can write a document to the domain) to execute code in the pipeline.

  • pipeline-management

    Required to create, modify, or delete pipelines.

  • domain-management

    Required to create, modify, or delete domains.

« Previous chapter
Next chapter »