XQuery sec:create-user-with-role

MarkLogic Server 11.0 Product Documentation
sec.createUserWithRole

sec.createUserWithRole(
   user-name as String,
   description as String?,
   password as String,
   role-names as String[],
   permissions as element(sec.permission)[],
   collections as String[],
   external-names as String[]
) as (Number|String)

Summary

Creates a new user in the system database for the context database. Returns the user ID of the created user. Also creates a role by the same name and assigns the newly-created user to the newly-created role. Parameters that define roles, permissions, and collections are only applied to the new user.

Parameters
user-name A unique username. If $user-name is not unique, an error is returned.
description A description of the user.
password The initial password for this user.
role-names Additional roles (if any) assigned to this user. If one of the $role-names names a role that does not exist, an error is returned.
permissions The default permissions granted to this user.
collections The URIs for the default collections to which this user has access.
external-names One or more external names used to match the user with one or more Distinguished Names in an LDAP server or User Principals in a Kerberos server.

Required Privileges

http://marklogic.com/xdmp/privileges/create-user or create-data-user
http://marklogic.com/xdmp/privileges/create-role or create-data-role
and, for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example



declareUpdate();
const sec = require('/MarkLogic/security.xqy');

sec.createUserWithRole(
    "Jim",
    "Jim the temp",
    "newtemp",
    "Temporary",
    [xdmp.permission("security", "read","element"),
     xdmp.permission("security", "update","element")],
    ("http://marklogic.com/dev_modules"))

// Creates a new user, named Jim, with the roles, Jim and Temporary.  
   Jim is assigned the default permissions, security(read) and security(update),
   and the default collection, "http://marklogic.com/dev_modules".
Powered by MarkLogic Server | Terms of Use | Privacy Policy