0

My question is kind of similar to this question, but not quite : Hide a marklogic database to specific user (permissions)

Background - up until now, developers who use database X were all admins on the server ( this is a historic config that we have recently inherited ), but now we want to have new developers added to the server who definitely wont be admins, and who will have a new database Y added to the server.

What we want to do is have several groups of developers using the same MarkLogic 10 server, but have it so developer group X can only work in their database X, and Developer group Y can only work in database Y. We dont care if they can see all databases on the server.

Does this mean we have to apply permissions to every document in every database to do this, or can we control this via a roles that limit access to specific databases?

Can someone suggest the right way to achieve this please?

Thanks in advance.

steve
  • 395
  • 2
  • 11

1 Answers1

0

You have two tools to work with:

  1. Granular privileges which allow you limit the scope of a privilege to a specific resource (such as database or forest)
  2. Document permissions unique to documents reflective of their respective set of intended users on each database as you already mentioned

However, in my experience, I've generally found this use case is better served by having many small dev clusters rather than one large one as resource contention (one app team pushing CPU to 100%) can become too much of an issue. It is pretty quick and painless to spin up and tear down dev clusters on AWS or Azure. Or, if you're self-hosting, you could look at running multiple MarkLogic Containers on a single host.

Rob S.
  • 3,599
  • 6
  • 30
  • 39