
Administrator's Guide — Chapter 34

Appendix C: Pre-defined Roles

The following roles are pre-defined in every installation of MarkLogic Server. To give a user execute privileges listed for each pre-defined role, you may add the execute privileges individually to an existing role for the user, or add the pre-defined role to the user's set of roles.

The following are the pre-built roles in MarkLogic Server:

admin

The admin role is given all privileges and permissions to perform any action in the system. There are no default permissions associated with the admin role. Users with the admin role are considered authorized administrators; they are trusted personnel and are assumed to be non-hostile, appropriately trained, and follow proper administrative procedures.

admin-builtins

The admin-builtins role has the execute privileges to call the admin built-in functions. The execute privileges given to the admin-builtins role are:

| Name | Action URI |
|---|---|
| cancel-any-request | http://marklogic.com/xdmp/privileges/cancel-any-request |
| cancel-my-request | http://marklogic.com/xdmp/privileges/cancel-my-request |
| count-builtins | http://marklogic.com/xdmp/privileges/counts |
| xdmp:address-bindable | http://marklogic.com/xdmp/privileges/xdmp-address-bindable |
| xdmp:amp-roles | http://marklogic.com/xdmp/privileges/xdmp-amp-roles |
| xdmp:castable-as | http://marklogic.com/xdmp/privileges/xdmp-castable-as |
| xdmp:compressed-tree-cache-size | http://marklogic.com/xdmp/privileges/xdmp-compressed-tree-cache-size |
| xdmp:compressed-tree-cache-partitions | http://marklogic.com/xdmp/privileges/xdmp-compressed-tree-cache-partitions |
| xdmp:default-in-memory-limit | http://marklogic.com/xdmp/privileges/xdmp-default-in-memory-limit |
| xdmp:default-in-memory-list-size | http://marklogic.com/xdmp/privileges/xdmp-default-in-memory-list-size |
| xdmp:default-in-memory-range-index-size | http://marklogic.com/xdmp/privileges/xdmp-default-in-memory-range-index-size |
| xdmp:in-memory-tree-size | http://marklogic.com/xdmp/privileges/xdmp-in-memory-tree-size |
| xdmp:delete-cluster-config-file | http://marklogic.com/xdmp/privileges/xdmp-delete-cluster-config-file |
| xdmp:delete-host-config-file | http://marklogic.com/xdmp/privileges/xdmp-delete-host-config-file |
| xdmp:directory | http://marklogic.com/xdmp/privileges/xdmp-directory |
| xdmp:disable-event | http://marklogic.com/xdmp/privileges/xdmp-disable-event |
| xdmp:email | http://marklogic.com/xdmp/privileges/xdmp-email |
| xdmp:email-address | http://marklogic.com/xdmp/privileges/xdmp-email-address |
| xdmp:enable-event | http://marklogic.com/xdmp/privileges/xdmp-enable-event |
| xdmp:expanded-tree-cache-size | http://marklogic.com/xdmp/privileges/xdmp-expanded-tree-cache-size |
| xdmp:expanded-tree-cache-partitions | http://marklogic.com/xdmp/privileges/xdmp-expanded-tree-cache-partitions |
| xdmp:forest-backup | http://marklogic.com/xdmp/privileges/xdmp-forest-backup |
| xdmp:forest-clear | http://marklogic.com/xdmp/privileges/xdmp-forest-clear |
| xdmp:forest-delete | http://marklogic.com/xdmp/privileges/xdmp-forest-delete |
| xdmp:forest-restore | http://marklogic.com/xdmp/privileges/xdmp-forest-restore |
| xdmp:forest-status | http://marklogic.com/xdmp/privileges/xdmp-forest-status |
| xdmp:forest-keys | http://marklogic.com/xdmp/privileges/xdmp-forest-keys |
| xdmp:get-hot-updates | http://marklogic.com/xdmp/privileges/xdmp-get-hot-updates |
| xdmp:host-name | http://marklogic.com/xdmp/privileges/xdmp-hostname |
| xdmp:license-accepted | http://marklogic.com/xdmp/privileges/xdmp-license-accepted |
| xdmp:list-cache-size | http://marklogic.com/xdmp/privileges/xdmp-list-cache-size |
| xdmp:list-cache-partitions | http://marklogic.com/xdmp/privileges/xdmp-list-cache-partitions |
| xdmp:pre-release-expires | http://marklogic.com/xdmp/privileges/xdmp-pre-release-expires |
| xdmp:read-cluster-config-file | http://marklogic.com/xdmp/privileges/xdmp-read-cluster-config-file |
| xdmp:read-host-config-file | http://marklogic.com/xdmp/privileges/xdmp-read-host-config-file |
| xdmp:restart | http://marklogic.com/xdmp/privileges/xdmp-restart |
| xdmp:server-backup | http://marklogic.com/xdmp/privileges/xdmp-server-backup |
| xdmp:server-import-qualities | http://marklogic.com/xdmp/privileges/xdmp-server-import-qualities |
| xdmp:server-restore | http://marklogic.com/xdmp/privileges/xdmp-server-restore |
| xdmp:set-hot-updates | http://marklogic.com/xdmp/privileges/xdmp-set-hot-updates |
| xdmp:shutdown | http://marklogic.com/xdmp/privileges/xdmp-shutdown |
| xdmp:smtp-relay | http://marklogic.com/xdmp/privileges/xdmp-smtp-relay |
| xdmp:user-last-login | http://marklogic.com/xdmp/privileges/xdmp-user-last-login |
| xdmp:username | http://marklogic.com/xdmp/privileges/xdmp-username |
| xdmp:write-cluster-config-file | http://marklogic.com/xdmp/privileges/xdmp-write-cluster-config-file |
| xdmp:write-host-config-file | http://marklogic.com/xdmp/privileges/xdmp-write-host-config-file |

There are no default permissions associated with the admin-builtins role.

admin-module-internal

The admin-module-internal role is used internally by the Admin Library Module and should not be assigned to any user. For details, see Scripting Administrative Tasks in MarkLogic Server in the Scripting Administrative Tasks Guide.

alert-admin

The alert-admin role is used for administrators of an alerting application. For details, see the Creating Alerting Applications chapter of the Search Developer's Guide.

alert-execution

The alert-execution role is used internally by the Alerting API to amp privileges in a protected way. You should not give this role to any individual users. For details, see the Creating Alerting Applications chapter of the Search Developer's Guide.

alert-internal

The alert-internal role is used internally by the Alerting API to amp privileges in a protected way. You should not give this role to any individual users. For details, see the Creating Alerting Applications chapter of the Search Developer's Guide.

alert-user

The alert-user role is used by users of an alerting application. For details, see the Creating Alerting Applications chapter of the Search Developer's Guide.

app-builder

The app-builder role provides the privileges needed to run Application Builder. Application Builder performs many administrative tasks on MarkLogic Server (for example, creating databases and App Servers), and this role provides the privileges to perform those tasks. While the privileges are minimized to the needed functions and to amped functions, it still allows users with the role to create these resources on MarkLogic Server, and therefore, only trusted users (users who are assumed to be non-hostile, appropriately trained, and follow proper administrative procedures) should be granted the app-builder role. Assign the app-builder role to users who are allowed to generate applications with Application Builder.

For details, see the Application Builder Developer's Guide.

app-builder-internal

The app-builder-internal role is used by Application Builder to amp certain functions that Application Builder performs. You should not explicitly grant the app-builder-internal role to any user; it is only for internal use by Application Builder.

For details, see the Application Builder Developer's Guide.

app-user

The app-user role is a minimally privileged role that is needed to run any application that Application Builder generates. You must grant this role to all users who are allowed to run the generated application.

For details, see the Application Builder Developer's Guide.

application-plugin-registrar

The application-plugin-registrar role is used in the plugin API, and has the following execute privileges:

| Name | Action URI |
|---|---|
| plugin-server-fields | http://marklogic.com/xdmp/privileges/plugin-server-fields |
| plugin-register | http://marklogic.com/xdmp/privileges/plugin-register |
| xdmp:filesystem-directory | http://marklogic.com/xdmp/privileges/xdmp-filesystem-directory |
| xdmp:get-server-field | http://marklogic.com/xdmp/privileges/xdmp-get-server-field |
| xdmp:get-server-field-names | http://marklogic.com/xdmp/privileges/xdmp-get-server-field-names |
| xdmp:invoke-modules-change-file | http://marklogic.com/xdmp/privileges/xdmp-invoke-modules-change-file |
| xdmp:set-server-field | http://marklogic.com/xdmp/privileges/xdmp-set-server-field |
| xdmp:set-server-field-privilege | http://marklogic.com/xdmp/privileges/xdmp-set-server-field-privilege |

appservices-internal

The appservices-internal role is used by Application Services to amp certain functions that Application Services performs. You should not explicitly grant the appservices-internal role to any user; it is only for internal use by Application Services.

cpf-restart

The cpf-restart role is used by CPF to control access to the CPF restart trigger. The CPF restart user should have the cpf-restart role, as well as all of the permissions and privileges that normal users have on the documents.

custom-dictionary-admin

The custom-dictionary-admin role is used to perform administrative functions (for writing dictionaries in the configuration) in the custom dictionary API.

custom-dictionary-user

The custom-dictionary-user role is used to perform user functions (for reading dictionaries in the configuration) in the custom dictionary API.

dls-admin

The dls-admin role is designed to give administrators of Library Services applications all of the privileges that are needed to use the Library Services API. It has the needed privileges to perform operations such as inserting retention policies and breaking checkouts, so only trusted users (users who are assumed to be non-hostile, appropriately trained, and follow proper administrative procedures) should be granted the dls-admin role. Assign the dls-admin role to administrators of your Library Services application.

For details, see the Library Services Applications chapter in the Application Developer's Guide.

dls-internal

The dls-internal role is a role that is used internally by the Library Services API, but you should not explicitly grant it to any user or role. This role is used to amp special privileges within the context of certain functions of the Library Services API. Assigning this role to users would give them privileges on the system that you typically do not want them to have; do not assign this role to any users.

For details, see the Library Services Applications chapter in the Application Developer's Guide.

dls-user

The dls-user role is a minimally privileged role. It is used in the Library Services API to allow regular users of the Library Services application (as opposed to dls-admin users) to be able to execute code in the Library Services API. It allows users, with document update permission, to manage, checkout, and checkin managed documents.

The dls-user role only has privileges that are needed to run the Library Services API; it does not provide execute privileges to any functions outside the scope of the Library Services API. The Library Services API uses the dls-user role as a mechanism to amp more privileged operations in a controlled way. It is therefore reasonably safe to assign this role to any user whom you trust to use your Library Services application. Assign the dls-user role to all users of your Library Services application.

For details, see the Library Services Applications chapter in the Application Developer's Guide.

domain-management

The domain-management role has the privileges to create and modify content processing domains. The domain-management role has no execute privileges associated with it, but it has the following default permissions:

| Role | Capability |
|---|---|
| domain-management | Read |
| domain-management | Update |

filesystem-access

The filesystem-access role has the privileges to access the file system. The execute privileges given to the filesystem-access role are:

| Name | Action URI |
|---|---|
| xdmp:document-get | http://marklogic.com/xdmp/privileges/xdmp-document-get |
| xdmp:document-load | http://marklogic.com/xdmp/privileges/xdmp-document-load |
| xdmp:get | http://marklogic.com/xdmp/privileges/xdmp-get |
| xdmp:load | http://marklogic.com/xdmp/privileges/xdmp-load |
| xdmp:save | http://marklogic.com/xdmp/privileges/xdmp-save |

There are no default permissions associated with the filesystem-access role.

flexrep-admin

The flexrep-admin role is required to configure replication.

flexrep-internal

The flexrep-internal role is used by Flexible Replication to amp certain functions that Flexible Replication performs. You should not explicitly grant the flexrep-internal role to any user; it is only for internal use by Flexible Replication.

flexrep-user

The flexrep-user role is required to access the Replica App Server when configured for push replication and the Master App Server when configured for pull replication. The replication user must be given the flexrep-user role and have the privileges necessary to update the domain content.

hadoop-internal

The hadoop-internal role is for internal use only. Do not assign this role to any users. This role is used to amp special privileges within the context of certain functions of the Hadoop MapReduce Connector. Assigning this role to users would give them privileges on the system that you typically do not want them to have.

hadoop-user-all

The hadoop-user-all role combines the privileges of hadoop-user-read and hadoop-user-write.

hadoop-user-read

The hadoop-user-read role allows use of MarkLogic Server as an input source for a MapReduce job. This role does not grant any other privileges, so the mapreduce.marklogic.input.user may still require additional privileges to read content from the target database. The hadoop-user-read role has the following execute privileges:

| Name | Action URI |
|---|---|
| hadoop-user-read | http://marklogic.com/xdmp/privileges/hadoop-user-read |
| xdbc:eval | http://marklogic.com/xdmp/privileges/xdbc-eval |
| xdbc:eval-in | http://marklogic.com/xdmp/privileges/xdbc-eval-in |
| xdmp:value | http://marklogic.com/xdmp/privileges/xdmp-value |
| xdmp:with-namespaces | http://marklogic.com/xdmp/privileges/xdmp-with-namespace |

hadoop-user-write

The hadoop-user-write role allows use of MarkLogic Server as an output destination for a MapReduce job. This role does not grant any other privileges, so the mapreduce.marklogic.output.user may still require additional privileges to insert or update content in the target database. The hadoop-user-write role has the following execute privileges:

| Name | Action URI |
|---|---|
| any-uri | http://marklogic.com/xdmp/privileges/any-uri |
| hadoop-user-write | http://marklogic.com/xdmp/privileges/hadoop-user-write |
| unprotected-collections | http://marklogic.com/xdmp/privileges/unprotected-collections |
| xdbc:eval | http://marklogic.com/xdmp/privileges/xdbc-eval |
| xdbc:insert-in | http://marklogic.com/xdmp/privileges/xdbc-insert-in |
| xdmp:with-namespaces | http://marklogic.com/xdmp/privileges/xdmp-with-namespace |

infostudio-admin-internal

The infostudio-admin-user role provides the privileges needed to handle CPF restart and resume unfinished Information Studio tasks in the event of an unexpected shutdown and restart of MarkLogic Server. When MarkLogic Server is restarted, long-running collectors resume loading documents in the database. In this situation, the original user that started the collector is unknown, so the purpose of the infostudio-admin user is to resume control of the collector.

For more details, see the Controlling Access to Information Studio chapter in the Information Studio Developer's Guide.

infostudio-internal

The infostudio-user role is used by Information Studio to amp certain functions that Information Studio performs. You should not explicitly grant the infostudio-internal role to any user; it is only for internal use by Information Studio.

infostudio-user

The infostudio-user role is a minimally privileged role that is needed to use Information Studio. You must grant this role to all users who are allowed to access Information Studio.

The infostudio-user role has the following execute privileges:

  • infostudio (http://marklogic.com/xdmp/privileges/infostudio)
  • unprotected-collections

manage-admin

The manage-admin role has the privileges related to accessing the management API and the tiered storage API for operations that change the configuration. The execute privileges given to the manage-admin role are:

| Name | Action URI |
|---|---|
| manage | http://marklogic.com/xdmp/privileges/manage |
| manage-admin | http://marklogic.com/xdmp/privileges/manage-admin |
| ts:database-create-sub-database | http://marklogic.com/xdmp/privileges/database-create-sub-database |
| ts:database-create-super-database | http://marklogic.com/xdmp/privileges/database-create-super-database |
| ts:database-delete-sub-database | http://marklogic.com/xdmp/privileges/database-delete-sub-database |
| ts:database-delete-sub-database | http://marklogic.com/xdmp/privileges/database-delete-super-database |
| ts:database-partitions | http://marklogic.com/xdmp/privileges/database-partitions |
| ts:forest-combine | http://marklogic.com/xdmp/privileges/forest-combine |
| ts:forest-migrate | http://marklogic.com/xdmp/privileges/forest-migrate |
| ts:partition-create | http://marklogic.com/xdmp/privileges/partition-create |
| ts:partition-delete | http://marklogic.com/xdmp/privileges/partition-delete |
| ts:partition-forests | http://marklogic.com/xdmp/privileges/partition-forests |
| ts:partition-migrate | http://marklogic.com/xdmp/privileges/partition-migrate |
| ts:partition-resize | http://marklogic.com/xdmp/privileges/partition-resize |
| ts:partition-set-availability | http://marklogic.com/xdmp/privileges/partition-set-availability |
| ts:partition-set-updates-allowed | http://marklogic.com/xdmp/privileges/partition-set-updates-allowed |
| ts:partition-transfer | http://marklogic.com/xdmp/privileges/partition-transfer |

There are no default permissions associated with the manage-admin role.

manage-admin-internal

The manage-admin-internal role is used to amp certain functions used by the Configuration Manager and the Management API. You should not explicitly grant the manage-admin-internal role to any user; it is only for internal use.

manage-internal

The manage-internal role is used to amp certain functions used by the Configuration Manager. You should not explicitly grant the manage-internal role to any user; it is only for internal use.

manage-user

The manage-user role has the privileges related to accessing the Configuration Manager. The execute privileges given to the merge role are:

| Name | Action URI |
|---|---|
| manage | http://marklogic.com/xdmp/privileges/manage |

There are no default permissions associated with the manage-user role.

merge

The merge role has the privileges related to forest merging. The execute privileges given to the merge role are:

| Name | Action URI |
|---|---|
| xdmp:merge | http://marklogic.com/xdmp/privileges/xdmp-merge |
| xdmp:merging | http://marklogic.com/xdmp/privileges/xdmp-merging |

There are no default permissions associated with the merge role.

network-access

The network-access role has the privileges to run the xdmp:http-* functions (xdmp:http-get, xdmp:http-post, and so on). The execute privileges given to the network-access role are:

| Name | Action URI |
|---|---|
| xdmp:http-get | http://marklogic.com/xdmp/privileges/xdmp-http-get |
| xdmp:http-head | http://marklogic.com/xdmp/privileges/xdmp-http-head |
| xdmp:http-options | http://marklogic.com/xdmp/privileges/xdmp-http-options |
| xdmp:http-delete | http://marklogic.com/xdmp/privileges/xdmp-http-delete |
| xdmp:http-post | http://marklogic.com/xdmp/privileges/xdmp-http-post |
| xdmp:http-put | http://marklogic.com/xdmp/privileges/xdmp-http-put |

pipeline-execution

The pipeline-execution role is used in the XQuery code to allow any user (who can write a document to the domain) to execute code in the pipeline.

For details, see the Content Processing Framework Guide.

pipeline-management

The pipeline-management role has the privileges to create and modify content processing pipelines. The pipeline-management role has no execute privileges associated with it, but it has the following default permissions:

| Role | Capability |
|---|---|
| pipeline-management | Read |
| pipeline-management | Update |

pki

The pki role has the privileges to use the PKI Library functions. For details, see Configuring SSL on App Servers.

plugin-internal

The plugin-user role is used to amp certain functions associated with plugins. You should not explicitly grant the plugin-internal role to any user; it is only for internal use by the plugin API.

qconsole-internal

The qconsole-internal role is used by Query Console to amp certain functions that Query Console performs. You should not explicitly grant the qconsole-internal role to any user; it is only for internal use by Query Console.

qconsole-user

The qconsole-user role is a minimally privileged role that is needed to use Query Console. You must grant this role to all users who are allowed to use Query Console.

The qconsole-user role has the following execute privileges:

  • qconsole (http://marklogic.com/xdmp/privileges/qconsole)

rest-admin

The rest-admin role has the rest-writer and manage-user roles and allows those granted the role full access to read and write via the REST API.

rest-admin-internal

The rest-admin-internal role is used internally by the REST Library. You should not explicitly grant it to any user or role.

rest-extension-user

The rest-extension-user role enables access to resource service extension methods.

rest-internal

The rest-internal role is used internally by the REST Library. You should not explicitly grant it to any user or role.

rest-reader

The rest-reader role enables read operations through the MarkLogic REST API, such as retrieving documents and metadata.

rest-writer-internal

The rest-reader-internal role is used internally by the REST Library. You should not explicitly grant it to any user or role.

rest-writer

The rest-writer role enables write operations through the MarkLogic REST API, such as creating documents, metadata, or configuration information.

rest-reader-internal

The rest-writer-internal role is used internally by the REST Library. You should not explicitly grant it to any user or role.

search-internal

The search-internal role is a role that is used internally by the search API. You should not explicitly grant it to any user or role.

security

The security role has the privileges needed to perform security functions. The execute privileges given to the security role are:

| Name | Action URI |
|---|---|
| amp-add-roles | http://marklogic.com/xdmp/privileges/amp-add-roles |
| amp-get-roles | http://marklogic.com/xdmp/privileges/amp-get-roles |
| amp-remove-roles | http://marklogic.com/xdmp/privileges/amp-remove-roles |
| amp-set-roles | http://marklogic.com/xdmp/privileges/amp-set-roles |
| any-collection | http://marklogic.com/xdmp/privileges/any-collection |
| any-uri | http://marklogic.com/xdmp/privileges/any-uri |
| collection-add-permissions | http://marklogic.com/xdmp/privileges/collection-add-permissions |
| collection-get-permissions | http://marklogic.com/xdmp/privileges/collection-get-permissions |
| collection-remove-permissions | http://marklogic.com/xdmp/privileges/collection-remove-permissions |
| collection-set-permissions | http://marklogic.com/xdmp/privileges/collection-set-permissions |
| create-amp | http://marklogic.com/xdmp/privileges/create-amp |
| create-privilege | http://marklogic.com/xdmp/privileges/create-privilege |
| create-role | http://marklogic.com/xdmp/privileges/create-role |
| create-user | http://marklogic.com/xdmp/privileges/create-user |
| get-amp | http://marklogic.com/xdmp/privileges/get-amp |
| get-privilege | http://marklogic.com/xdmp/privileges/get-privilege |
| get-role-ids | http://marklogic.com/xdmp/privileges/get-role-ids |
| grant-all-roles | http://marklogic.com/xdmp/privileges/grant-all-roles |
| grant-my-roles | http://marklogic.com/xdmp/privileges/grant-my-roles |
| permission | http://marklogic.com/xdmp/privileges/permission |
| privilege-add-roles | http://marklogic.com/xdmp/privileges/privilege-add-roles |
| privilege-get-roles | http://marklogic.com/xdmp/privileges/privilege-get-roles |
| privilege-remove-roles | http://marklogic.com/xdmp/privileges/privilege-remove-roles |
| privilege-set-name | http://marklogic.com/xdmp/privileges/privilege-set-name |
| privilege-set-roles | http://marklogic.com/xdmp/privileges/privilege-set-roles |
| protect-collection | http://marklogic.com/xdmp/privileges/protect-collection |
| remove-amp | http://marklogic.com/xdmp/privileges/remove-amp |
| remove-privilege | http://marklogic.com/xdmp/privileges/remove-privilege |
| remove-role | http://marklogic.com/xdmp/privileges/remove-role |
| remove-role-from-amps | http://marklogic.com/xdmp/privileges/remove-role-from-amps |
| remove-role-from-privileges | http://marklogic.com/xdmp/privileges/remove-role-from-privileges |
| remove-role-from-roles | http://marklogic.com/xdmp/privileges/remove-role-from-roles |
| remove-role-from-users | http://marklogic.com/xdmp/privileges/remove-role-from-users |
| remove-user | http://marklogic.com/xdmp/privileges/remove-user |
| role-add-roles | http://marklogic.com/xdmp/privileges/role-add-roles |
| role-get-default-collections | http://marklogic.com/xdmp/privileges/role-get-default-collections |
| role-get-default-permissions | http://marklogic.com/xdmp/privileges/role-get-default-permissions |
| role-get-roles | http://marklogic.com/xdmp/privileges/role-get-roles |
| role-privileges | http://marklogic.com/xdmp/privileges/role-privileges |
| role-remove-roles | http://marklogic.com/xdmp/privileges/role-remove-roles |
| role-set-default-collections | http://marklogic.com/xdmp/privileges/role-set-default-collections |
| role-set-default-permissions | http://marklogic.com/xdmp/privileges/role-set-default-permissions |
| role-set-description | http://marklogic.com/xdmp/privileges/role-set-description |
| role-set-name | http://marklogic.com/xdmp/privileges/role-set-name |
| role-set-roles | http://marklogic.com/xdmp/privileges/role-set-roles |
| unprotect-collection | http://marklogic.com/xdmp/privileges/unprotect-collection |
| user-add-roles | http://marklogic.com/xdmp/privileges/user-add-roles |
| user-get-default-collections | http://marklogic.com/xdmp/privileges/user-gt-default-collections |
| user-get-default-permissions | http://marklogic.com/xdmp/privileges/user-get-default-permissions |
| user-get-description | http://marklogic.com/xdmp/privileges/user-get-description |
| user-get-roles | http://marklogic.com/xdmp/privileges/user-get-roles |
| user-privileges | http://marklogic.com/xdmp/privileges/user-privileges |
| user-remove-roles | http://marklogic.com/xdmp/privileges/user-remove-roles |
| user-set-default-collections | http://marklogic.com/xdmp/privileges/user-set-default-collections |
| user-set-default-permissions | http://marklogic.com/xdmp/privileges/user-set-default-permissions |
| user-set-description | http://marklogic.com/xdmp/privileges/user-set-description |
| user-set-name | http://marklogic.com/xdmp/privileges/user-set-name |
| user-set-password | http://marklogic.com/xdmp/privileges/user-set-password |
| user-set-roles | http://marklogic.com/xdmp/privileges/user-set-roles |
| xdmp:amp-roles | http://marklogic.com/xdmp/privileges/xdmp:amp-roles |
| xdmp:privilege-roles | http://marklogic.com/xdmp/privileges/xdmp:privilege-roles |
| xdmp:role-roles | http://marklogic.com/xdmp/privileges/xdmp:role-roles |
| xdmp:user-roles | http://marklogic.com/xdmp/privileges/xdmp:user-roles |

Default permissions for the security role are:

| Role | Capability |
|---|---|
| security | Read |
| security | Insert |
| security | Update |

trigger-management

The trigger-management role has the privileges to create and modify triggers. The trigger-management role has no execute privileges associated with it. This role has the following default permissions:

| Role | Capability |
|---|---|
| trigger-management | Read |
| trigger-management | Update |

xa

The xa role allows creation and management of one's own XA transaction branches in MarkLogic Server. The xa role is required to participate in XA transactions. For details, see Participating in XA Transactions in the XCC Developer's Guide. The xa role has the following execute privileges:

| Name | Action URI |
|---|---|
| complete-my-transaction | http://marklogic.com/xdmp/privileges/complete-my-transactions |
| forget-my-xa-transactions | http://marklogic.com/xdmp/privileges/forget-my-xa-transactions |
| prepare-my-xa-transactions | http://marklogic.com/xdmp/privileges/prepare-my-xa-transactions |
| status-builtins | http://marklogic.com/xdmp/privileges/status-builtins |
| xdmp:set-current-transaction | http://marklogic.com/xdmp/privileges/set-current-transaction |
| xdmp:transaction-create | http://marklogic.com/xdmp/privileges/xdmp-transaction-create |
| xdmp:transaction-create-xid | http://marklogic.com/xdmp/privileges/xdmp-transaction-create-xid |

xa-admin

The xa-admin role allows creation and management of any user's XA transaction branches in MarkLogic Server. The xa-admin role is intended primarily for Administrators who need to complete or forget XA transactions. The xa-admin role has the following execute privileges:

| Name | Action URI |
|---|---|
| complete-any-transactions | http://marklogic.com/xdmp/privileges/complete-any-transactions |
| complete-my-transaction | http://marklogic.com/xdmp/privileges/complete-my-transactions |
| forget-any-xa-transactions | http://marklogic.com/xdmp/privileges/forget-any-xa-transactions |
| forget-my-xa-transactions | http://marklogic.com/xdmp/privileges/forget-my-xa-transactions |
| prepare-any-xa-transactions | http://marklogic.com/xdmp/privileges/prepare-any-xa-transactions |
| prepare-my-xa-transactions | http://marklogic.com/xdmp/privileges/prepare-my-xa-transactions |
| status-builtins | http://marklogic.com/xdmp/privileges/status-builtins |
| xdmp:set-current-transaction | http://marklogic.com/xdmp/privileges/set-current-transaction |
| xdmp:transaction-create | http://marklogic.com/xdmp/privileges/xdmp-transaction-create |
| xdmp:transaction-create-xid | http://marklogic.com/xdmp/privileges/xdmp-transaction-create-xid |

welcome-internal

The welcome-internal role is a role that used to be used internally by the MarkLogic Server Welcome Page (now removed). You should not explicitly grant it to any user or role.

xinclude

The xinclude role provides the privileges to run the XInclude code used in the XInclude CPF application. For details, see Reusing Content With Modular Document Applications in the Application Developer's Guide.
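The grant guidance in this appendix can be applied as a review of role assignments, including roles a user picks up through role inheritance. The following is an added example, not MarkLogic code: the user names, the ops-tools, team-a and team-b roles, and the input dictionaries are constructed, and in practice the mappings would be exported from the Security database.

```python
"""Audit user role assignments against the pre-defined role guidance."""

# Roles this appendix says should not be granted to any user
# (internal roles used only to amp privileges).
DO_NOT_ASSIGN = frozenset({
    "admin-module-internal", "alert-execution", "alert-internal",
    "app-builder-internal", "appservices-internal", "dls-internal",
    "flexrep-internal", "hadoop-internal", "infostudio-internal",
    "manage-admin-internal", "manage-internal", "plugin-internal",
    "qconsole-internal", "rest-admin-internal", "rest-internal",
    "rest-reader-internal", "rest-writer-internal", "search-internal",
    "welcome-internal",
})

# Roles this appendix reserves for trusted users.
TRUSTED_ONLY = frozenset({"admin", "app-builder", "dls-admin"})


def effective_roles(direct_roles, role_inherits):
    """Return the direct roles plus every role reached through inheritance.

    role_inherits maps a role name to the roles it is itself assigned.
    The walk tracks visited roles, so an inheritance cycle terminates.
    """
    seen = set()
    stack = list(direct_roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(role_inherits.get(role, ()))
    return seen


def audit(user_roles, role_inherits, trusted_users=frozenset()):
    """Return sorted (user, role, finding) tuples for assignments to review."""
    findings = []
    for user in sorted(user_roles):
        roles = effective_roles(user_roles[user], role_inherits)
        for role in sorted(roles & DO_NOT_ASSIGN):
            findings.append((user, role, "internal-role"))
        if user not in trusted_users:
            for role in sorted(roles & TRUSTED_ONLY):
                findings.append((user, role, "trusted-only-role"))
    return findings


# Constructed sample data. Only the rest-admin entry reflects this page
# (rest-admin has the rest-writer and manage-user roles); the rest is
# hypothetical.
SAMPLE_ROLE_INHERITS = {
    "rest-admin": ["rest-writer", "manage-user"],
    "ops-tools": ["dls-user", "dls-internal"],   # hypothetical custom role
    "team-a": ["team-b"],                        # hypothetical cycle
    "team-b": ["team-a", "xinclude"],
}
SAMPLE_USER_ROLES = {
    "alice": ["admin"],
    "bob": ["rest-admin", "qconsole-user"],
    "carol": ["ops-tools"],
    "dave": ["app-builder", "alert-execution"],
    "erin": ["team-a"],
}
SAMPLE_TRUSTED_USERS = frozenset({"alice"})

if __name__ == "__main__":
    for user, role, finding in audit(
        SAMPLE_USER_ROLES, SAMPLE_ROLE_INHERITS, SAMPLE_TRUSTED_USERS
    ):
        print(f"{user}: {role} ({finding})")
```

carol is flagged only because of inheritance: her direct role is the custom ops-tools role, which carries dls-internal with it.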
