Database Reference
In-Depth Information
As the default resource permissions are
0666
, and with the default
umask applied they are
0644
, XQueries that you store into the
database are not executable by default. This is an intentional deci‐
sion by the eXist developers, made for two reasons: 1) it follows the
Unix security model; and 2) database administrators
should
be
aware of which XQueries are executable and by whom, thus forcing
them to enable execution of an XQuery encourages such a mindset.
Many users ask, “How can I set all XQueries to be executable?”
This is achieved relatively easily by creating an XQuery (which you
can run once) that uses the functions in the
xmldb
XQuery module
to enumerate the XQueries stored in the database, and the Security
Manager XQuery module to set the permissions of those XQueries
(see
xmldb
and
sm
in
Appendix A
).
Managing Users and Groups
In eXist the creation of users and groups is also restricted by permissions, and there
are differences between the required permissions for each.
Table 8-7
shows who is
able to make modifications to users and groups.
Table 8-7. Permissions to modify principals
Action
User modification requirement
Group modification requirement
Creation
•
Member of the
dba
group
•
Member of the
dba
group
Modification
Either:
Either:
•
Target user
•
Group manager
•
Member of the
dba
group
•
Member of the
dba
group
Deletion
Either:
Either:
•
Target user
•
Group manager
•
Member of the
dba
group
•
Member of the
dba
group
Group Managers
When a group is created in eXist it has a single member, which is the user who cre‐
ated it. A group is typically used to model collaboration between users on resources
in the database. As you build up more and more users and groups, it becomes neces‐
sary to share the administration of these groups of users.
Search WWH ::
Custom Search