Re: [Exist-open] Exist database user authorisation per resource possible?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> I have tried to find information on ow to use the database security metho=
ds
> to allow certain users to read and/or update specific resource files (XML
> files). It seemsto me that Exist does not suport this. It allows groups o=
f
> users certain rights, but not individual uders (exept the owner).

Permissions in eXist closely follow the Unix model and roles are
indeed limited to owner, group and world. The Unix model is simple and
space efficient (just one byte used for storing permissions), but we
already thought about implementing a more flexible ACL model.

Anyway, adding your own security layer on the application level is
always possible if access to eXist is exclusively done through your
application. Otherwise, we would have to discuss how to extend the
current security model, i.e. throw away the Unix style permissions and
switch to a more flexible scheme. That's certainly possible if one
figures out a good model.

Wolfgang

Re: [Exist-open] Exist database user authorisation per resource possible?

eXist-db is a feature rich Open Source native XML database

Re: [Exist-open] Exist database user authorisation per resource possible?