Securing MarkLogic Server

Steps for Example Setup

To set up this example scenario, perform the following steps, using the Admin Interface:

  1. Create a role named ReadsStuff.

  2. Create a user named ReadOnly and grant this user the ReadsStuff role.

  3. Create a role named WritesStuff and grant this role the ReadsStuff role.

  4. Grant the WritesStuff role the any-uri privilege, as well as any execute privileges needed for your application code.

  5. Create a user named LoadsStuff and grant this user the WritesStuff role. When you load documents, load them as the LoadsStuff user and give each document an update and insert permission for the WritesStuff role and a read permission for the ReadsStuff role.

Here is sample code to create a set of permissions with xdmp:permission():

(xdmp:permission("ReadsStuff", "read"),
xdmp:permission("WritesStuff", "insert"),
xdmp:permission("WritesStuff", "update"))

You can also create a set of permissions with the permissions option of either xdmp:document-insert() or xdmp:document-load().

Also, instead of specifying the permissions when you load documents, you can assign default permissions to the LoadsStuff user or the WritesStuff role.
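
The load step above, written out as an added example that is not part of the original MarkLogic documentation: it inserts one document using the permissions option of xdmp:document-insert(), then compares the stored permissions with the intended set so that a missing or extra grant is reported. The URI and document body are constructed, and both statements are assumed to run as the LoadsStuff user after steps 1 to 5 are complete.

```xquery
xquery version "1.0-ml";

(: Statement 1: load a document as LoadsStuff with explicit permissions. :)
(: The URI and the document body are constructed sample values. :)
declare variable $uri := "/example/stuff-1.xml";

xdmp:document-insert(
  $uri,
  <stuff>sample content</stuff>,
  <options xmlns="xdmp:document-insert">
    <permissions>{
      xdmp:permission("ReadsStuff", "read"),
      xdmp:permission("WritesStuff", "insert"),
      xdmp:permission("WritesStuff", "update")
    }</permissions>
  </options>)
;

xquery version "1.0-ml";

(: Statement 2: runs after statement 1 has committed. It checks that the
   stored permissions are exactly the intended set, no more and no less. :)
declare namespace sec = "http://marklogic.com/xdmp/security";
declare variable $uri := "/example/stuff-1.xml";

let $expected := (
  xdmp:permission("ReadsStuff", "read"),
  xdmp:permission("WritesStuff", "insert"),
  xdmp:permission("WritesStuff", "update"))
(: Reduce each sec:permission element to a "role-id:capability" key. :)
let $wanted :=
  for $p in $expected
  return concat($p/sec:role-id, ":", $p/sec:capability)
let $actual :=
  for $p in xdmp:document-get-permissions($uri)
  return concat($p/sec:role-id, ":", $p/sec:capability)
let $extra := $actual[not(. = $wanted)]
let $missing := $wanted[not(. = $actual)]
return
  if (empty($extra) and empty($missing))
  then "permissions match the intended set"
  else (
    for $e in $extra return concat("unexpected grant: ", $e),
    for $m in $missing return concat("missing grant: ", $m))
```

An "unexpected grant" line usually means default permissions on the user or role were merged in by some other load path, which is worth checking before relying on the read-only separation.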