
sec functions
The table below lists all the "sec" XQuery library functions (in this namespace: http://marklogic.com/xdmp/security).

The security function module is installed as the following file: `install_dir/Modules/MarkLogic/security.xqy`, where `install_dir` is the directory in which MarkLogic Server is installed.
To use the security.xqy module in your own XQuery modules, include the following line in your XQuery prolog (the trailing semicolon is required for a prolog declaration):

```xquery
import module "http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";
```

The library uses the sec: namespace, which is predefined in the server, so no namespace prefix declaration is needed.
NOTE: When using these functions to administer security for an application, be sure to execute them against the security database configured for your application's database. Function calls in this library can only be executed against a security database (for example, Security); the database named Security is created automatically when MarkLogic Server is installed, and it is the default security database. To execute these functions against the security database, you can specify the database option in xdmp:eval or xdmp:invoke, or you can run them in an App Server that has your security database configured as its database.
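The following is an added example, not code from the MarkLogic documentation, showing the xdmp:eval pattern described in the note: a read-only audit of one user's directly assigned roles and effective privileges, evaluated against the security database of the current context database via xdmp:security-database(). The user name "app-user" is a constructed placeholder.

```xquery
xquery version "1.0-ml";

(: Added example (not from the MarkLogic documentation). The inner query is a
   string so that the sec: calls run inside xdmp:eval, against the security
   database selected by the <database> option below. "app-user" is a
   constructed placeholder user name. :)
let $query :=
  'xquery version "1.0-ml";
   import module "http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";
   declare variable $user as xs:string external;
   if (sec:user-exists($user)) then
     <audit user="{$user}">
       (: roles granted directly to the user, not those inherited via role nesting :)
       <direct-roles>{ sec:user-get-roles($user) ! <role>{ . }</role> }</direct-roles>
       (: every privilege the user holds through any of its roles :)
       <privileges>{ sec:user-privileges($user) }</privileges>
     </audit>
   else
     <audit user="{$user}" exists="false"/>'
return
  xdmp:eval(
    $query,
    (xs:QName("user"), "app-user"),
    <options xmlns="xdmp:eval">
      (: xdmp:security-database() returns the id of the security database
         configured for the current context database :)
      <database>{ xdmp:security-database() }</database>
    </options>)
```

The caller still needs the privileges the sec: functions require; running the query in a security-database App Server instead of through xdmp:eval works the same way without the options node.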
| Function name | Description |
|---|---|
| sec:amp-add-roles | Adds the roles ($role-names) to the list of roles granted to the amp ($namespace, $local-name, $document-uri). |
| sec:amp-doc-collections | Returns a sequence of strings corresponding to the collection URIs that amps belong to. |
| sec:amp-doc-permissions | Returns a sequence of permission elements that all newly created amp documents receive. |
| sec:amp-exists | This function returns true if the specified amp exists in the security database. |
| sec:amp-get-roles | Returns a sequence of role names for the roles directly assigned to the amp ($namespace, $local-name, $document-uri). |
| sec:amp-remove-roles | Removes a role ($role-name) from the set of roles included by the amp ($namespace, $local-name, $document-uri). |
| sec:amp-set-roles | Assigns the amp identified by $namespace, $local-name and $document-uri to have the roles identified by $roles-names. |
| sec:amps-change-modules-database | This function changes all amps that refer to one modules database to refer to a different database. |
| sec:amps-collection | Returns a string corresponding to the uri for the amps collection. |
| sec:check-admin | Throws an error if the current user does not have the admin role. |
| sec:collection-add-permissions | Add the permissions $permissions to the protected collection identified by $uri. |
| sec:collection-get-permissions | Returns a sequence of permission elements corresponding to the current permissions granted to the protected collection identified by $uri. |
| sec:collection-remove-permissions | Removes the permissions $permissions from the protected collection identified by $uri. |
| sec:collection-set-permissions | Sets the permissions of a protected collection identified by $uri to $permissions. |
| sec:collections-collection | Returns a string corresponding to the uri for the protected collections collection. |
| sec:compartment-get-roles | This function returns a list of roles in the specified compartment. |
| sec:create-amp | Creates a new amp in the system database for the context database. |
| sec:create-privilege | Creates a new privilege and returns the new privilege-id. |
| sec:create-role | Creates a new role in the system database for the context database. |
| sec:create-user | Creates a new user in the system database for the context database. |
| sec:create-user-with-role | Creates a new user in the system database for the context database. |
| sec:get-amp | Returns a sec:amp element corresponding to an amp identified by ($namespace, $local-name, $document-uri). |
| sec:get-collection | Gets the security document corresponding to a protected collection with uri equal to $uri. |
| sec:get-compartments | This function returns a list of all of the compartments. |
| sec:get-distinct-permissions | Returns a sequence of permission elements made up of a concatenation of $output-perms and the distinct permission elements of $input-perms. |
| sec:get-privilege | Returns a sec:privilege element corresponding to a privilege identified by ($action,$kind). |
| sec:get-role-ids | Returns a sequence of unique sec:role-id elements corresponding to the sequence of role names $role-names. |
| sec:get-role-names | Returns a sequence of unique sec:role-name elements corresponding to the sequence of role IDs $role-ids. |
| sec:get-user-names | Returns a sequence of unique sec:user-name elements corresponding to the sequence of user IDs $user-ids. |
| sec:priv-doc-collections | Returns a sequence of strings corresponding to the collection URIs that privileges belong to. |
| sec:priv-doc-permissions | Returns a sequence of permission elements that all newly created privilege documents receive. |
| sec:privilege-add-roles | Adds the roles ($role-names) to the list of roles assigned to the privilege ($action,$kind). |
| sec:privilege-exists | This function returns true if the specified privilege exists. |
| sec:privilege-get-roles | Returns a sequence of role names for the roles assigned to the privilege ($action,$kind). |
| sec:privilege-remove-roles | Removes roles ($role-names) from the roles assigned to the privilege ($action,$kind). |
| sec:privilege-set-name | Changes the sec:privilege-name of a sec:privilege to $new-privilege-name. |
| sec:privilege-set-roles | Assigns the privilege ($action,$kind) to have the roles identified by $role-names. |
| sec:privileges-collection | Returns a string corresponding to the uri for the privileges collection. |
| sec:protect-collection | Protects a collection $uri with the given permissions ($permissions). |
| sec:remove-amp | Removes the amp ($namespace, $local-name, $document-uri, $database) and returns true after completion. |
| sec:remove-privilege | Removes the privilege identified by ($action,$kind). |
| sec:remove-role | Removes the role ($role-name). |
| sec:remove-role-from-amps | Removes references to the role ($role-name) from all amps. |
| sec:remove-role-from-privileges | Removes references to the role ($role-name) from all privileges. |
| sec:remove-role-from-roles | Removes references to the role ($role-name) from all other roles. |
| sec:remove-role-from-users | Removes references to the role ($role-name) from all users. |
| sec:remove-user | Removes the user with name $user-name. |
| sec:role-add-roles | Adds new roles ($new-roles) to the role specified by $role-name. |
| sec:role-doc-collections | Returns a sequence of strings corresponding to the collection URIs that roles belong to. |
| sec:role-doc-permissions | Returns a sequence of permission elements that all newly created role documents receive. |
| sec:role-exists | This function returns true if the specified role exists in the security database. |
| sec:role-get-compartment | This function returns the compartment for the specified role. |
| sec:role-get-default-collections | Returns a sequence of strings corresponding to the URIs of the role's default collections. |
| sec:role-get-default-permissions | Returns a sequence of permission elements corresponding to the role's default permissions. |
| sec:role-get-description | Returns the description for the specified role. |
| sec:role-get-roles | Returns a sequence of role names for the roles directly assigned to the given role ($role-name). |
| sec:role-privileges | Returns a set of privilege elements corresponding to all privileges that a role has. |
| sec:role-remove-roles | Removes the roles ($role-names) from the set of roles included by the role ($role-name). |
| sec:role-set-default-collections | Sets the default collections of a role with name $role-name to $collections. |
| sec:role-set-default-permissions | Sets the default permissions for a role with name $role-name. |
| sec:role-set-description | Changes the description of the role identified by $role-name to $description. |
| sec:role-set-name | Changes the sec:role-name of a role from $role-name to $new-role-name. |
| sec:role-set-roles | Assigns roles (named $role-names) to be the set of included roles for the role ($role-name). |
| sec:roles-collection | Returns a string corresponding to the uri for the roles collection. |
| sec:security-collection | Returns a string corresponding to the uri for the Security collection. |
| sec:security-installed | Returns fn:true() if security has been installed on the current database. |
| sec:security-namespace | Returns a string corresponding to the uri of the security namespace. |
| sec:security-version | Returns the current version of the security database. |
| sec:set-realm | Changes the realm of this security database to $realm. |
| sec:uid-for-name | Returns the uids for the named user or () if no such user exists. |
| sec:unprotect-collection | Removes the protection of a collection $uri. |
| sec:user-add-roles | Adds the roles ($role-names) to the list of roles granted to the user ($user-name). |
| sec:user-doc-collections | Returns a sequence of strings corresponding to the collection URIs that users belong to. |
| sec:user-doc-permissions | Returns a sequence of permission elements that all newly created user documents receive. |
| sec:user-exists | This function returns true if the specified user exists in the security database. |
| sec:user-get-default-collections | Returns a sequence of strings corresponding to the URIs of the user's default collections. |
| sec:user-get-default-permissions | Returns a sequence of permission elements corresponding to the user's default permissions. |
| sec:user-get-description | Returns the user's description. |
| sec:user-get-password-extra | This function returns the extra information for the specified user. |
| sec:user-get-roles | Returns a sequence of role names for the roles directly assigned to the user ($user-name). |
| sec:user-privileges | Returns a set of privilege elements corresponding to all privileges that a user has. |
| sec:user-remove-roles | Removes the roles ($role-names) from the list of roles granted to the user ($user-name). |
| sec:user-set-default-collections | Sets the default collections of a user with name $user-name to $collections. |
| sec:user-set-default-permissions | Sets the default permissions for a user with name $user-name. |
| sec:user-set-description | Changes the description of the user identified by $user-name to $description. |
| sec:user-set-name | Changes the name of the user from $user-name to $new-user-name. |
| sec:user-set-password | Changes the password for the user identified by $user-name to $password. |
| sec:user-set-password-extra | This function sets extra information for the specified user. |
| sec:user-set-roles | Assigns the user with name $user-name to have the roles identified by $role-names. |
| sec:users-collection | Returns a string corresponding to the uri for the users collection. |
| sec:validate-permissions | This function throws the SEC-NOPERMCAP exception if a permission has no capability specified, and throws the SEC-NOPERMROLEID exception if no role is specified in the permission. |