Is it possible to use ml-gradle on MarkLogic 9 without the Admin role?


I am working with ml-gradle on MarkLogic 9 but would like to configure the MarkLogic account running ml-gradle with the principle of least privilege. Is it possible to configure the ml-gradle user in MarkLogic to have more granular permissions, or am I stuck using the admin role? The deployment will be fairly standard, creating documents, modules, indexes, query options etc.

Thanks, --Dan


There are 2 best solutions below

5
On

To create app servers, databases, etc., you'll need the manage-admin privilege. To create documents and otherwise modify database content, you'll generally need rest-writer. To read documents or do searches, you'll need rest-reader. On top of that, you may need permissions for specific docs.

See the Basic Security Requirements section of the REST Application Developer's Guide for more information.

0
On

Creating users and roles requires the "security" role too. The Manage docs - http://docs.marklogic.com/REST/management - do a good job of explaining which privileges are needed for each resource.

In addition, the ml-gradle Property Reference - https://github.com/marklogic-community/ml-gradle/wiki/Property-reference - describes the different connections that ml-gradle makes and for what purpose, though there's a ticket open to provide more comprehensive documentation of the different users and roles and connections.
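Added example (not part of either answer, and not ml-gradle's own code): a `gradle.properties` that replaces a single admin account with one account per ml-gradle connection, each holding only the roles the answers name. The usernames are hypothetical, and the property names are taken from the ml-gradle Property Reference linked above, so check them against the ml-gradle version in use.

```properties
# gradle.properties (added example; all usernames below are hypothetical)

# Before: one admin account sits behind every connection ml-gradle makes.
# mlUsername=admin

# After: one account per connection, each limited to the roles it needs.

# Manage API connection: databases, app servers, indexes.
# Needs manage-admin. Assumption from the MarkLogic REST docs, not stated in
# the answers: add rest-admin if this account also creates the REST API
# instance.
mlManageUsername=deploy-manage

# Security resources: users and roles.
# Needs manage-admin plus the "security" role.
mlSecurityUsername=deploy-security

# Loading modules and query options through the application's REST server.
# Assumption from the MarkLogic REST docs, not stated in the answers:
# this requires rest-admin.
mlRestAdminUsername=deploy-rest-admin

# Default for any connection not overridden above.
# rest-writer covers creating and modifying documents; rest-reader is
# enough for an account that only reads or searches.
mlUsername=deploy-writer

# Passwords are deliberately not stored in this file. Supply them at run
# time as Gradle project properties, for example -PmlManagePassword=... on
# the command line or ORG_GRADLE_PROJECT_mlManagePassword in the environment.
```

Documents the deployment touches may still need document-level permissions for these roles, as the first answer notes.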