> Username  Read  Write  Create  Admin
------------------------------------
admin       X      X      X       X
myuser      

> show users on mydb
Username  Read  Write
---------------------
myuser     X

=> i don't want to grant my user with read permission on all databases, only on "mydb" one.

I always get a "read permission needed" with this kind of query (my db contains xml-tei documents):

[A] = http://localhost:8080/BaseX79/rest/mydb/mydoc.xml?query=//*:p[1]

when these one works fine:

[B] = http://localhost:8080/BaseX79/rest/mydb?query=doc('mydoc.xml')//*:p[1]

Why? 

The query [A] works fine when i set the gobal permissions with:
> Username  Read  Write  Create  Admin
------------------------------------
admin       X      X      X       X
myuser      X

=> As i said previously, i don't want to grant my user with read permission on all databases.

Do i have to always build my queries like doc('mydoc.xml')/xpath to avoid read permission errors? 

Thank you.
Best,
Jérôme

Hi Jérôme,

I tried to simulate your scenario (thanks for giving all the details),
but I didn't get a permission error. However, I only tried the
basexhttp script and not tomcat. Did you try to to copy .basexperm
into the server root or the WAR file [1]?

Best,
Christian

[1] http://docs.basex.org/wiki/Web_Application#User_Management


On Tue, Jul 8, 2014 at 3:20 PM, Jérôme Chauveau
<jerome.chauveau@unicaen.fr> wrote:

Hi,

i am using BaseX79 as a webapp - embedded in a tomcat7 server.

I am working on a php application which runs REST xqueries to my BaseX
server.
I created a "mydb" database and a user "myuser". Then i granted READ
permissions for "myuser".

GRANT read TO myuser
GRAND read TO myuser ON mydb

show users

Username  Read  Write  Create  Admin
------------------------------------
admin            X      X      X       X
myuser         X

 > show users on mydb
Username  Read  Write
---------------------
myuser        X

All my REST xqueries returns a "READ permission needed." message with the
user "myuser" when its works properly with the admin user account.
Moreover, REST xqueries via a web browser (logged as 'myuser') works
properly too.

Did i miss something?

Thank's for help.

Jérôme.

--
Jérôme Chauveau - SAIC-CERTIC - Campus 4
Université de Caen Basse-Normandie

-- 
Jérôme Chauveau - SAIC-CERTIC - Campus 4
Université de Caen Basse-Normandie