Skip to main content

Securing MarkLogic Server

Protected Paths

You can define permissions on an element in the same way that you define permissions on a document. Element level security works by specifying an “indexable” path to an element (or JSON property) and configuring permissions on that path - creating a protected path.

For performance and security reasons, you can only use a subset of XPath for defining protect paths. For details, see Element Level Security in the XQuery and XSLT Reference Guide.

Note

The read, update, and insert permissions for an element are checked separately. For instance, if there are permissions for read, but no permissions for update or insert, there is no control for update or insert on that element. If there are no permissions on an element, anyone can read that element, given that they have the proper document level permissions.