Securing MarkLogic Server

Use the sec:protect-path() command to set up your protected paths.

For example:

(: add protected paths -> run against the Security database :)

xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" 
  at "/MarkLogic/security.xqy";

sec:protect-path("secret", (), (xdmp:permission("els-role-2", "read"))),
sec:protect-path("top-secret", (), (xdmp:permission("els-role-1", "read")))

This example uses a second parameter to set a protected path on the example path namespace.

(: add protected paths -> run against the Security database :)

xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security" 
  at "/MarkLogic/security.xqy";

declare namespace ex = "http://marklogic.com/example";

let $role := "executive"
return 
  sec:protect-path(
    "/ex:envelope/ex:instance/employee/salary", 
    (let $prefix := "ex",$namespace-uri := 
      "marklogic.com/example"
    return
    sec:security-path-namespace($prefix, $namespace-uri), 
  (xdmp:permission($role, "read"))
  )