Skip to main content

Securing MarkLogic Server

Document and Element Level Permissions Summary

This table describes the permissions required to add, remove, or modify content at the document and element level.

Function Signature

Document and Element Level Permissions

xdmp:node-replace($old,$new)

Document: node-update is required

Element: $old and all its ancestors, as well as descendants are checked for update/node-update

xdmp:node-delete($old)

Document: node-update is required

Element: $old and all its ancestors as well as descendants are checked for update/node-update

xdmp:node-insert-before($sibling,$new)

Document: insert is required

Element: all ancestors of $sibling are checked for insert

xdmp:node-insert-after($sibling,$new)

Document: insert is required

Element: all ancestors of $sibling are checked for insert

xdmp:node-insert-child($parent,$new)

Document: insert is required

Element $parent and all its ancestors are checked for insert

xdmp:document-add-properties($uri,$props)

Document: node-update is required

Element: the properties root* is checked for insert

xdmp:document-set-property($uri,$prop)

Document: node-update is required

Element:

IF the property to be set doesn’t exist, THEN the properties root is checked for insert;

  ELSE

 a.) the properties root* is checked for update/node-update

  b.) the property nodes) and all their descendants are checked for update/node-update

xdmp:document-set-properties($uri,$props)

Document: node-update is required

Element:

IF there is no properties fragment THEN the properties root is checked for insert;

  ELSE

  a.) the properties root* is checked for update/node-update

  b.) all existing property nodes and all their descendants are checked for update/node-update

xdmp:document-remove-properties($uri,$property-names)

Document: node-update is required

Element:

  a.) the properties root* is checked for update/node-update

  b.) all property nodes to be removed and all their descendants are checked for update/node-update

* The properties root is the root of the properties node of a document, not the individual properties contained in the properties node. The properties root is the first line in this diagram:

<prop:properties xmlns:prop="http://marklogic.com/xdmp/property">
   <prop1>. . .</prop1>
   <prop2>. . .</prop2>
   .
   .
   .
   <propN>. . .</propN>
</prop:properties>

See Interactions with Compartment Security for more about combining element level security with compartment security.

In this section: