Securing MarkLogic Server

Test It Out

Using the Query Console, you can execute Scenario 1, Scenario 2, and Scenario 3 for each one of the users user1, user2, and user3. The results of the execution are presented in the following table:

| User  | Role  | Scenario                        | Result  |
|-------|-------|---------------------------------|---------|
| user1 | role1 | Add range index to database db1 | Success |
| user1 | role1 | Add range index to database db2 | Success |
| user1 | role1 | Add backup for database db1     | Failure |
| user2 | role2 | Add range index to database db1 | Success |
| user2 | role2 | Add range index to database db2 | Failure |
| user2 | role2 | Add backup for database db1     | Success |
| user3 | role3 | Add range index to database db1 | Success |
| user3 | role3 | Add range index to database db2 | Failure |
| user3 | role3 | Add backup for database db1     | Failure |

The following analysis explains these results:

  • The user user1 successfully adds indexes to both databases db1 and db2, but fails to add a backup to database db1, because the user's role1 has the granular privilege http://marklogic.com/xdmp/privileges/admin/database/index, which allows adding indexes to any database but does not allow other operations on databases.

  • The user user2 successfully adds both the index and the backup to database db1, but fails to add an index to database db2, because the user's role2 has the granular privilege http://marklogic.com/xdmp/privileges/admin/database/db1_identifier, which allows this user to perform any operation on database db1 but does not allow operations on other databases.

  • The user user3 successfully adds an index to database db1, but fails to add an index to database db2 and fails to add a backup to database db1, because the user's role3 has the granular privilege http://marklogic.com/xdmp/privileges/admin/database/index/db1_identifier, which allows adding indexes to database db1 but does not allow any other operation on database db1 and does not allow any operation on other databases.
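The scoping rules in this analysis can be written as a small evaluator that is handy when reviewing which role grants are broader than intended. This is an added example, not MarkLogic code: the server performs the check internally, and the operation name `backup`, the placeholder `db2_identifier`, and all function names are assumptions made for the model.

```javascript
// Model of the three granular-privilege URI shapes described on this page.
const BASE = "http://marklogic.com/xdmp/privileges/admin/database/";

// Operation names that may appear in a privilege URI. "index" is from the
// page; "backup" is an assumed name used only to model the backup scenario.
const OPERATIONS = new Set(["index", "backup"]);

// Parse a privilege URI into { operation, database }; null means "any".
function parsePrivilege(uri) {
  if (!uri.startsWith(BASE)) return null;
  const parts = uri.slice(BASE.length).split("/").filter(Boolean);
  if (parts.length === 1) {
    return OPERATIONS.has(parts[0])
      ? { operation: parts[0], database: null }   // one operation, any database
      : { operation: null, database: parts[0] };  // any operation, one database
  }
  if (parts.length === 2 && OPERATIONS.has(parts[0])) {
    return { operation: parts[0], database: parts[1] }; // one operation, one database
  }
  return null; // unrecognized shape grants nothing
}

// A request is allowed if any privilege held by the role covers it.
function isAllowed(privilegeUris, operation, databaseId) {
  return privilegeUris.some((uri) => {
    const p = parsePrivilege(uri);
    return p !== null &&
      (p.operation === null || p.operation === operation) &&
      (p.database === null || p.database === databaseId);
  });
}

// Role grants as described in the analysis above.
const roles = {
  role1: [BASE + "index"],
  role2: [BASE + "db1_identifier"],
  role3: [BASE + "index/db1_identifier"],
};

// The three scenarios from the table; db2_identifier is a constructed placeholder.
const scenarios = [["index", "db1_identifier"], ["index", "db2_identifier"], ["backup", "db1_identifier"]];

function resultsFor(role) {
  return scenarios.map(([op, db]) => (isAllowed(roles[role], op, db) ? "Success" : "Failure"));
}

for (const role of Object.keys(roles)) console.log(role, resultsFor(role).join(", "));
```

In this model, role2's database-scoped grant is the broadest on db1 because it leaves the operation unconstrained, while role3's grant constrains both the operation and the database.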