Using Pseudo-functions with Granular Privileges
When you have a payload that creates a database and a granular privilege for that database, you need to substitute a variable of some sort for the ID of the database because the database has yet to be created. MarkLogic Server has the following pseudo-functions that can be used when creating and assigning granular privileges:
| Pseudo-Function and Parameters | Replaced By... |
|---|---|
| | The group ID of the named group. |
| | The database ID of the named database. |
| | The host ID of the host running the query. |
| | The host ID of the named host. |
| | The forest ID of the named forest. |
| | The cluster ID of the cluster to which the host running the query belongs. |
| | The cluster ID of the named cluster. |
| | The role ID of the named role. |
| | The user ID of the named user. |
| | The server ID of the named server in the group to which the host running the query belongs. |
| | The server ID of the named server in the specified group. Note that |
| | The privilege ID of the named /execute/ privilege. |
| | The privilege ID of the named execute privilege. |
| | The privilege ID of the named URI privilege. |
For example, to create the privilege `finalDbName-index-editor` for a not-yet-created database represented by the variable `FinalDbName`, execute the following code:
```json
{
  "privilege-name": "finalDbName-index-editor",
  "action": "http://marklogic.com/xdmp/privileges/admin/database/index/$$database-id(FinalDbName)",
  "role": ["firstEditorRole", "secondEditorRole"],
  "kind": "execute"
}
```
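A pre-deployment review of payloads like the one above, as an added example that is not part of the MarkLogic documentation: it lists which roles receive a database-scoped privilege and flags `$$database-id(...)` references that are malformed or that name a database the deployment does not declare. The function name `review_privileges`, the `declared_databases` argument, the exact-match name comparison and the second sample payload are assumptions of this example.

```python
import re

# Pseudo-function reference as written in the page's example:
# $$database-id(FinalDbName)
PSEUDO_FN = re.compile(r"\$\$([a-z][a-z-]*)\(([^()]+)\)")

def review_privileges(privileges, declared_databases):
    """Summarize role grants per database and flag bad references.

    privileges: list of privilege payloads shaped like the page's example.
    declared_databases: names of the databases the same deployment creates
    (an assumption of this example; the caller supplies them).
    Returns (grants, problems).
    """
    grants, problems = [], []
    for priv in privileges:
        name = priv.get("privilege-name", "<unnamed>")
        action = priv.get("action", "")
        refs = PSEUDO_FN.findall(action)
        # Every "$$" must belong to a well-formed reference.
        if action.count("$$") != len(refs):
            problems.append((name, "malformed pseudo-function reference"))
        for fn, arg in refs:
            if fn != "database-id":
                continue  # only the pseudo-function used on the page is checked
            if arg not in declared_databases:  # exact, case-sensitive match
                problems.append((name, f"database {arg!r} is not declared"))
                continue
            for role in priv.get("role", []):
                grants.append((arg, role, name))
    return grants, problems

# Constructed sample input: the page's payload plus one with a mistyped name.
BASE = "http://marklogic.com/xdmp/privileges/admin/database/index/"
SAMPLE = [
    {"privilege-name": "finalDbName-index-editor",
     "action": BASE + "$$database-id(FinalDbName)",
     "role": ["firstEditorRole", "secondEditorRole"], "kind": "execute"},
    {"privilege-name": "typo-index-editor",
     "action": BASE + "$$database-id(FinalDBName)",
     "role": ["firstEditorRole"], "kind": "execute"},
]

if __name__ == "__main__":
    grants, problems = review_privileges(SAMPLE, {"FinalDbName"})
    for db, role, priv in grants:
        print(f"{role} -> {priv} on {db}")
    for priv, why in problems:
        print(f"PROBLEM {priv}: {why}")
```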