Add RBAC for connector admin and use of service descriptors

koopjs / koop-provider-marklogic

A Koop Provider that can be used to exposed data in MarkLogic via Esri feature services

https://koopjs.github.io/koop-provider-marklogic/

Other

6 stars 11 forks source link

Add RBAC for connector admin and use of service descriptors #128

Closed jkerr5 closed 5 years ago

jkerr5 commented 5 years ago

We need one role to be able to give to users that allows them to read service descriptors and execute the connector modules.

We also need a role that has the ability to insert and update/delete descriptors as well as update the connector modules.

Maybe the descriptor collection should be protected: "http://marklogic.com/feature-services"

jkerr5 commented 5 years ago

Related to #45 but a subset of the overall security requirements

BillFarber commented 5 years ago

Currently the users with the "esri-connector-reader" role get the "rest-reader" transitively. That gives them the right to execute the connector modules.