V-220375
MarkLogic Server v9 Security Technical Implementation Guide
Title
MarkLogic Server must associate organization-defined types of security labels having organization-defined security label values with information in process.
Description
Without the association of security labels to information, there is no basis for the DBMS to make security-related access-control decisions. Security labels are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. These labels are typically associated with internal data structures (e.g., tables, rows) within the database and are used to enable the implementation of access control a...
Fix Text (Documentation Requirement)
See specific MarkLogic documentation regarding Compartment level security for necessary steps.

Applying Document Compartment Security:
1. Navigate to the MarkLogic Admin page >> Security >> Roles.
2. Create a new role and assign applicable roles/permissions.
3. Provide a Compartment name to the role.
4. Ensure all data ingestion mechanisms (i.e., document insertion code/logic) apply the necessary applicable security permissions.

Applying Element-Level Security:
1. Navigate to the MarkLogic Admin page >> Security >> Protected Paths.
2. Create a Protected Path by specifying an XQuery path expression identifying the element requiring specific protections.
3. Add one or more applicable roles, specify their capability, and then save the configuration.
4. Repeat step 3 for each element requiri...