The BaseX user management defines 5 permission levels: NONE, READ, WRITE, CREATE, and ADMIN. Various standard functions must only be executed if a user has sufficient permissions:
CREATE permissions are required for functions that access resources outside the BaseX scope (local files, remote resources).ADMIN permissions are required for functions that change external resources.
We need to check if the currently defined permissions are still correct and complete.
The permission level of some functions depends on its arguments. For example, READ permissions can be sufficient for fn:doc if the function addresses a database resource.
Potential loopholes:
db:restore('does-not-exist') results in a db:no-backup error even for users with NONE permission.- …
The BaseX user management defines 5 permission levels:
NONE,READ,WRITE,CREATE, andADMIN. Various standard functions must only be executed if a user has sufficient permissions:CREATEpermissions are required for functions that access resources outside the BaseX scope (local files, remote resources).ADMINpermissions are required for functions that change external resources.We need to check if the currently defined permissions are still correct and complete.
The permission level of some functions depends on its arguments. For example,
READpermissions can be sufficient forfn:docif the function addresses a database resource.Potential loopholes:
db:restore('does-not-exist')results in adb:no-backuperror even for users withNONEpermission.