Thanks, Christian, that's really helpful! And, your documentation is an invaluable resource for me; I'd be happy to help out when I can.

Shrewdly spotted! You're right, I customize web.xml to remove the default RESTXQ user. I need to lock down some endpoints, but I don't want to use form parameters for authentication. Since BaseX is capable of logging in users by itself, I can leave that job to BaseX and just make sure the API is able to respond based on the permissions of the current user. (Logging in twice to get to the DBA interface is a bit annoying, but I consider it a worthwhile tradeoff, since it really only affects me.)

Warmly,
Ash

From: Christian Grün <cg@basex.org>
Sent: Tuesday, March 10, 2026 10:31 AM
To: BaseX Talk <basex-talk@mailman.uni-konstanz.de>; Clark, Ash <as.clark@northeastern.edu>
Subject: AW: Inspection module permissions?
 
Hi Ash,

Thanks for the observation. Exactly, the function should only be available to admins.

Out of interest: You mentioned that you encountered the restriction with RESTXQ. Do you run RESTXQ with a non-admin user?

And you are right, we should certainly improve the documentation of permissions in our Wiki. Volunteers are welcome ;·)

All the best,
Christian

Von: Clark, Ash via BaseX-Talk <basex-talk@mailman.uni-konstanz.de>
Gesendet: Dienstag, 10. März 2026 15:17
An: BaseX Talk <basex-talk@mailman.uni-konstanz.de>
Betreff: [basex-talk] Inspection module permissions?
 
Hi,

I'm updating to BaseX 12.2 and I noticed that `inspect:xqdoc()` now requires admin permissions. That made sense to me, and I updated my RESTXQ API to fall back on cached data when describing its own documentation.

Unusually, however, I couldn't find any reference to the change in the changelog or the Inspection wiki page. Was the change intentional? If so, it'd be helpful for the Inspection documentation to state that the functions need admin permissions.

Warmly,
Ash Clark