
I have a set of API endpoints which are redirected to the respective XQuery modules using a custom rewriter (that uses rest:rewrite) and a custom error handler (that uses $error:errors). The HTTP calls use the GET and POST methods.

When I try to access the API with a non-admin user (an app-specific user without the admin role), I'm getting a 404 Not Found error.

But when I assign the admin role to this user, I'm able to get the results.

As per my understanding, we should not assign the admin roles to an app-specific user in ML.

I need to know whether I'm missing any execute privileges or roles to be assigned for this user. Or what could be done to resolve this issue?

Antony

1 Answer

I suspect you have uploaded your modules with document permissions that prevent the user you are using from executing the required code, which likely includes the rewriter and error handler as well.

Check which modules database is behind the app server that you are using, and use QConsole to check the permissions of the modules you loaded. Compare the roles mentioned there with those of the user that you are using. The solution is then to either apply different permissions to your modules, or add an extra role to your user.

HTH!

grtjn
  • We have created a role for the app as app-developer and the user is mapped to this role. The modules, including the rewriter file, had the security and temporal-admin roles, so I have added them to the app-developer role. But still I'm getting the same error. – Antony Nov 20 '20 at 13:35
  • pls have a look at the above comment – Antony Nov 23 '20 at 12:15
  • I'd recommend not giving security and temporal-admin role to app-developer, but instead assign at least execute permission for app-developer to your modules. Read permission is in some cases also required, so easiest to add that to all as well. – grtjn Nov 23 '20 at 19:32
  • The previous comment on assigning the permission to my modules worked! Thank you so much! – Antony Nov 24 '20 at 12:55
  • Do we need to add the permissions for data files in App specific Documents DB also? I'm not able to access that without permissions. – Antony Nov 25 '20 at 09:20
  • Different question, but in short yes: add read, and optionally update permission to all docs the user needs to be able to read and optionally update. Insert and node-update are a subset of update, and deletion is covered by update as well. – grtjn Nov 25 '20 at 11:25
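
The check and fix discussed in the answer and its comments, as an added example that is not code from the original posts: run it in QConsole as an admin user with the content source set to the app server's modules database. It lists modules on which `app-developer` lacks `read` or `execute`, and adds them when the dry-run flag is switched on. The `$DIR` root and the `$APPLY` flag are assumptions made for the example.

```xquery
xquery version "1.0-ml";

(: Added example. Content source in QConsole must be the MODULES database
   that sits behind the app server, not the content database. :)
declare namespace sec = "http://marklogic.com/xdmp/security";

(: Role name taken from the thread. :)
declare variable $ROLE  as xs:string  := "app-developer";
(: Assumption: modules (rewriter, error handler, endpoints) live under "/". :)
declare variable $DIR   as xs:string  := "/";
(: Assumption: hypothetical dry-run switch; fn:true() applies the fix. :)
declare variable $APPLY as xs:boolean := fn:false();

let $role-id := xdmp:role($ROLE)
for $doc in xdmp:directory($DIR, "infinity")
let $uri := xdmp:node-uri($doc)
(: Capabilities this role already holds on the module document. :)
let $held :=
  xdmp:document-get-permissions($uri)
    [xs:unsignedLong(sec:role-id) eq $role-id]
    /sec:capability/fn:string()
(: execute is needed to run the module; read is required in some cases,
   so both are checked, as suggested in the comments. :)
let $missing := ("read", "execute")[fn:not(. = $held)]
where fn:exists($missing)
order by $uri
return (
  if ($APPLY)
  then xdmp:document-add-permissions(
         $uri,
         for $cap in $missing return xdmp:permission($ROLE, $cap))
  else (),
  fn:concat($uri, "  missing for ", $ROLE, ": ",
            fn:string-join($missing, ", "))
)
```

An empty result means every module under `$DIR` already grants both capabilities to the role, in which case the 404 has another cause.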