MarkLogic Server 11.0 Product Documentation
xdmp functions (Security)

The security built-in functions are XQuery functions to perform many security-related tasks in MarkLogic Server.

58 functions
Function name Description
xdmp.amp Returns the amp ID for the specified amp.
xdmp.ampRoles Returns the set of all roles assigned to an amp, including roles directly assigned to the amp and roles inherited by other roles.
xdmp.canGrantRoles Tests whether a user can grant or revoke a set of roles.
xdmp.certificateValidateKeyPair Checks if a public key and private key match within an asymmetric encryption sequence.
xdmp.collectionId Return the ID of a collection specified by URI.
xdmp.collections Returns the IDs of all collections in the system.
xdmp.credential Returns the credential
xdmp.credentialId Returns the id of a named credential.
xdmp.credentials Returns the credentials that the current user is allowed to use.
xdmp.databaseNodeQueryRolesets Return a sequence of query-rolesets that are required for proper querying of the given database nodes with Element Level Security.
xdmp.defaultCollections Returns the collections any new document would get if the current user were to insert a document without specifying the collections.
xdmp.defaultPermissions Returns the permissions any new document would get if the current user were to insert a document without specifying the default permissions.
xdmp.documentGetPermissions Returns the permissions to a given document.
xdmp.externalSecurity Returns the external security ID for the specified external security name.
xdmp.getCurrentRoles Returns all the current roles, both assigned and inherited by the current user and any received from amps.
xdmp.getCurrentUser Returns the name of the current user.
xdmp.getCurrentUserid Returns the ID of the current user.
xdmp.getRequestUser If this App Server is using application-level authentication, returns the ID of the user in the last successful call to xdmp.login.
xdmp.hasPrivilege Tests whether the current user has at least one of a given set of privileges.
xdmp.jwtDecode Extracts the contents of a JWT object.
xdmp.jwtValidate Validates the signature of a JWT.
xdmp.keystoreExport Exports all encryption keys stored in the MarkLogic embedded KMS.
xdmp.keystoreImport Import encryption keys into the MarkLogic embedded KMS from an exported encrypted file (see keystore-export).
xdmp.keystoreSetCurrentHost Set current KMS host to the first one matching the user-specified name for all online MarkLogic nodes in the cluster.
xdmp.keystoreSynchronize Synchronize the Keystore's cache containing the keys used for encryption and decryption.
xdmp.keystoreValidateExported Validates the content of an exported keystore file, see keystore-export and keystore-import
xdmp.nodePermissions Returns the permissions to a node's document.
xdmp.nodeQueryRolesets Return a sequence of query-rolesets that are required for proper querying with Element Level Security if the node is inserted into the database with the given document-insert options.
xdmp.parsePermission Returns a permission object corresponding to the element or object given.
xdmp.passiveHasPrivilege Tests whether the current user has at least one of a given set of privileges.
xdmp.passiveSecurityAssert Tests whether the current user has at least one of a given set of privileges.
xdmp.permission Returns a permission object corresponding to the named role and capability given.
xdmp.privilege Returns the privilege ID for the specified privilege name.
xdmp.privilegeKind Return the kind of the specified privilege.
xdmp.privilegeName Return the name of the specified privilege.
xdmp.privilegeRoles Returns the set of all roles that have a given privilege.
xdmp.privileges Returns the IDs of all privileges in the system.
xdmp.role Returns the role ID for the specified role name.
xdmp.roleCompartment Return the compartment of the specified role.
xdmp.roleDescription Return the description of the specified role.
xdmp.roleGetDefaultCollections Return the default collections of specified role.
xdmp.roleGetDefaultPermissions Return the default permissions of specified role.
xdmp.roleName Returns the role name for the specified role id.
xdmp.rolePrivileges Return the IDs of privileges of specified role.
xdmp.roleRoles If the parameter $inherit is true, returns the set of all roles inherited by a given role, including roles directly assigned to the role and roles inherited from other roles.
xdmp.roles Returns the IDs of all roles in the system.
xdmp.securityAssert Tests whether the current user has at least one of a given set of privileges.
xdmp.user Returns the user ID for the specified user name.
xdmp.userExternalSecurity Returns external security id and user name for an external user.
xdmp.userGetDefaultCollections Return the default collections of specified user.
xdmp.userGetDefaultPermissions Return the default permissions of specified user.
xdmp.useridRoles Returns all roles assigned to a user, including roles directly assigned to the user and roles inherited by other roles.
xdmp.userPrivileges Return IDs of all privileges that a user have.
xdmp.userRoles Returns all roles assigned to a user, including roles directly assigned to the user and roles inherited by other roles.
xdmp.x509CertificateExtract Returns the XML representation of the specified X.509 certificate.
xdmp.x509CertificateGenerate Generate a new PEM-encoded X.509 certificate.
xdmp.x509CertificateIssuerName Returns the issuer distinguished name for the specified X.509 certificate.
xdmp.x509CertificateSubjectName Returns the subject distinguished name for the specified X.509 certificate.
Powered by MarkLogic Server | Terms of Use | Privacy Policy