search

marklogic-community / data-explorer

Data Explorer Tool
Other
15 stars 4 forks source link

MANAGE-INVALIDCONFIG: Invalid privilege #130

Open cskeefer opened 6 years ago

cskeefer commented 6 years ago

When deploying the application to a MarkLogic 8 instance (8.0-6.7) I am receiving the following error when the role defined in ml-config/security/roles/data-explorer-ext-amp-role.json is attempted to be created:

2018-03-18 06:17:51.142 Info: Manage: MANAGE-INVALIDCONFIG: (err:FOER0000) Invalid server configuration: Invalid privilege 2018-03-18 06:17:51.142 Info: Manage: 387:16:/MarkLogic/manage/endpoints/security/roles.xqy 2018-03-18 06:17:51.142 Debug: Manage: 2018-03-18 06:17:51.142 Debug: Manage: MANAGE-INVALIDCONFIG</error:code> 2018-03-18 06:17:51.142 Debug: Manage: err:FOER0000</error:name> 2018-03-18 06:17:51.142 Debug: Manage: 1.0-ml</error:xquery-version> 2018-03-18 06:17:51.142 Debug: Manage: Invalid server configuration: </error:message> 2018-03-18 06:17:51.142 Debug: Manage: MANAGE-INVALIDCONFIG: (err:FOER0000) Invalid server configuration: Invalid privilege</error:format-string> 2018-03-18 06:17:51.142 Debug: Manage: false</error:retryable> 2018-03-18 06:17:51.142 Debug: Manage: </error:expr> 2018-03-18 06:17:51.142 Debug: Manage: 2018-03-18 06:17:51.142 Debug: Manage: Invalid privilege</error:datum> 2018-03-18 06:17:51.142 Debug: Manage: </error:data> 2018-03-18 06:17:51.142 Debug: Manage: 2018-03-18 06:17:51.142 Debug: Manage: 2018-03-18 06:17:51.142 Debug: Manage: /MarkLogic/manage/endpoints/security/roles.xqy</error:uri> 2018-03-18 06:17:51.142 Debug: Manage: 387</error:line> 2018-03-18 06:17:51.142 Debug: Manage: 16</error:column> 2018-03-18 06:17:51.142 Debug: Manage: roles:do-create(map:map(<map:map xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" .../>), <role-properties xmlns="http://marklogic.com/manage/role/properties"&gt;...&lt;/role-properties&gt;)</error:operation> 2018-03-18 06:17:51.142 Debug: Manage: 2018-03-18 06:17:51.142 Debug: Manage:

ML8 doesn't seem to know about the privilege term-query.

Note: I upgraded to MarkLogic 8.0-8.1 and see the same issue

cskeefer commented 6 years ago

The problem is the following execute privileges in ml-config/security/roles/data-explorer-ext-amp-role.json are new in ML9 (so not available in ML8):

{
    "privilege-name": "cts:term-query",
    "action": "http://marklogic.com/xdmp/privileges/term-query",
    "kind": "execute"
}

{
    "privilege-name" : "admin-database",
    "action" : "http://marklogic.com/xdmp/privileges/admin/database",
    "kind" : "execute"
}

The first allows access to cts:term-query which is used to get the list of root elements in the database. That is used when creating a query based on documents in the database.

The second is used to get range indexes that help in figuring out type info for a search field.

Unless anyone has another suggestion, I'll make similarly named execute privileges that will mirror these two and work in both ML8 and ML9.

cskeefer commented 5 years ago

Rather than solution described above, added a gradle-ml8.properties file to handle it. See the associated pull request #175