Dear All,
I am trying to use xquery file:write function to create new documents but it seems only ADMIN users can do that. This is a little bit limited (IMHO) as I don't want to give admin privileges to my users.
In other hand, it also seems incoherent as the user can add documents to data base directly from command line.
add as t.xml <r/>
Path '/t.xml' added in 24.72 ms.
xquery declare namespace fx="http://expath.org/ns/file";
fx:write('file1.xml','<w/>') Stopped at line 1, column 78: [BASX0005] ADMIN permission needed.
xquery declare namespace fx="http://expath.org/ns/file";
fx:write('./file1.xml','<w/>') Stopped at line 1, column 80: [BASX0005] ADMIN permission needed.
xquery declare namespace fx="http://expath.org/ns/file";
fx:write('/f.xml','<w/>') Stopped at line 1, column 75: [BASX0005] ADMIN permission needed.
---------------------------------------------------------------------------------------------------------------------------------
I also try to give the user ADMIN privileges to the correspondent database but although it seems possible in the HELP, the fact is that it is not.
show users on test
Username Read Write --------------------- test X X
1 Users.
help grant
GRANT [NONE|READ|WRITE|CREATE|ADMIN] (ON [database]) TO [user] Grant user permissions.
Grants permissions (on a database) to a user.
grant admin on test to test
ADMIN permission is unknown.
grant create on test to test
CREATE permission is unknown.
So, my question is: These are bugs, limitations, or some kind of wrong understood on my part?
Thanks
Isidro
--- avast! Antivirus: Outbound message clean. Virus Database (VPS): 110712-0, 12-07-2011 Tested on: 12-07-2011 17:38:29 avast! - copyright (c) 1988-2011 AVAST Software. http://www.avast.com
Isidro,
thanks for your mail.
I am trying to use xquery file:write function to create new documents but it seems only ADMIN users can do that. This is a little bit limited (IMHO) as I don't want to give admin privileges to my users.
The main reason here is that file:write() is part of the file module, in which all functions require ADMIN rights. Next, the file:write() function can be used in a destructive way as well. For example, it can be used to overwrite other database files, or change configuration files that are otherwise only accessible to the admin user. So I'm sorry that this constraint might be too restrictive for your scenario. We are open for alternative suggestions that cover security issues like the mentioned one (some things would be easier if we coupled user management to the operating system, but as we want to stay platform independent, we introduced our own user management).
I also try to give the user ADMIN privileges to the correspondent database but although it seems possible in the HELP, the fact is that it is not.
The help output on command line is probably too compact to give you all the details. Please have a look into our documentation instead:
http://docs.basex.org/wiki/User_Management http://docs.basex.org/wiki/Commands
Feel free to ask for more, Christian
Thanks Christian,
I'm afraid I am not in position to suggest any alternative, but in fact adding documents to collections is something that (IMHO) should be possible in xquery. I was accustomed to doing that in exist-db. But if it is not possible, I will have to find a possible alternative.
Thanks for your quick answer
Isidro
Em 12-07-2011 21:33, Christian Grün escreveu:
Isidro,
thanks for your mail.
I am trying to use xquery file:write function to create new documents but it seems only ADMIN users can do that. This is a little bit limited (IMHO) as I don't want to give admin privileges to my users.
The main reason here is that file:write() is part of the file module, in which all functions require ADMIN rights. Next, the file:write() function can be used in a destructive way as well. For example, it can be used to overwrite other database files, or change configuration files that are otherwise only accessible to the admin user. So I'm sorry that this constraint might be too restrictive for your scenario. We are open for alternative suggestions that cover security issues like the mentioned one (some things would be easier if we coupled user management to the operating system, but as we want to stay platform independent, we introduced our own user management).
I also try to give the user ADMIN privileges to the correspondent database but although it seems possible in the HELP, the fact is that it is not.
The help output on command line is probably too compact to give you all the details. Please have a look into our documentation instead:
http://docs.basex.org/wiki/User_Management http://docs.basex.org/wiki/Commands
Feel free to ask for more, Christian
avast! Antivirus: Inbound message clean. Virus Database (VPS): 110712-1, 12-07-2011 Tested on: 12-07-2011 22:21:42 avast! - copyright (c) 1988-2011 AVAST Software. http://www.avast.com
--- avast! Antivirus: Outbound message clean. Virus Database (VPS): 110712-1, 12-07-2011 Tested on: 13-07-2011 12:11:46 avast! - copyright (c) 1988-2011 AVAST Software. http://www.avast.com
Dear Isidro,
I'm afraid I am not in position to suggest any alternative, but in fact adding documents to collections is something that (IMHO) should be possible in xquery. I was accustomed to doing that in exist-db. But if it is not possible, I will have to find a possible alternative.
by chance, we're currently adding some database functions to support collection updates from within XQuery:
https://github.com/BaseXdb/basex/issues/73
The new release is planned for end of this month (shortly before the Balisage Conference).
More suggestions are welcome, Christian
Em 12-07-2011 21:33, Christian Grün escreveu:
Isidro,
thanks for your mail.
I am trying to use xquery file:write function to create new documents but it seems only ADMIN users can do that. This is a little bit limited (IMHO) as I don't want to give admin privileges to my users.
The main reason here is that file:write() is part of the file module, in which all functions require ADMIN rights. Next, the file:write() function can be used in a destructive way as well. For example, it can be used to overwrite other database files, or change configuration files that are otherwise only accessible to the admin user. So I'm sorry that this constraint might be too restrictive for your scenario. We are open for alternative suggestions that cover security issues like the mentioned one (some things would be easier if we coupled user management to the operating system, but as we want to stay platform independent, we introduced our own user management).
I also try to give the user ADMIN privileges to the correspondent database but although it seems possible in the HELP, the fact is that it is not.
The help output on command line is probably too compact to give you all the details. Please have a look into our documentation instead:
http://docs.basex.org/wiki/User_Management http://docs.basex.org/wiki/Commands
Feel free to ask for more, Christian
avast! Antivirus: Inbound message clean. Virus Database (VPS): 110712-1, 12-07-2011 Tested on: 12-07-2011 22:21:42 avast! - copyright (c) 1988-2011 AVAST Software. http://www.avast.com
avast! Antivirus: Outbound message clean. Virus Database (VPS): 110712-1, 12-07-2011 Tested on: 13-07-2011 12:11:46 avast! - copyright (c) 1988-2011 AVAST Software. http://www.avast.com
BaseX-Talk mailing list BaseX-Talk@mailman.uni-konstanz.de https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
basex-talk@mailman.uni-konstanz.de
-
Christian Grün -
Isidro Vila Verde