
sec:create-user

sec:create-user(
   $user-name as xs:string,
   $description as xs:string?,
   $password as xs:string,
   $role-names as xs:string*,
   $permissions as element(sec:permission)*,
   $collections as xs:string*,
   [$external-names as xs:string*],
   [$queries as map:map]
) as xs:unsignedLong

Summary

Creates a new user in the system database for the context database. Returns the user ID of the created user.

Parameters
user-name: A unique username. If $user-name is not unique, an error is returned.
description: A description of the user.
password: The initial password for this user.
role-names: The roles (if any) assigned to this user. If one of the $role-names names a role that does not exist, an error is returned.
permissions: The default permissions granted to this user.
collections: The URIs for the default collections to which this user has access.
external-names: One or more external names used to match the user with one or more Distinguished Names in an LDAP server or User Principals in a Kerberos server.
queries: A map from capabilities (read, update, node-update, and execute) to cts queries for the user.

Required Privileges

http://marklogic.com/xdmp/privileges/create-user or create-data-user
and, for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles
and, for creating users with queries:
http://marklogic.com/xdmp/privileges/user-set-queries

Usage Notes

This function must be executed against the security database.

Example


(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
    "/MarkLogic/security.xqy";

sec:create-user(
    "Jim",
    "Jim the temp",
    "newtemp",
    "Temporary",
    (xdmp:permission("security", "read")),
    ("http://marklogic.com/dev_modules"))
 
 (: Creates a new user, named "Jim," with the role, "Temporary."  "Jim" 
    is assigned the default permission, security(read), and the default 
    collection, "http://marklogic.com/dev_modules". :)  
  

Example


(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
    "/MarkLogic/security.xqy";

sec:create-user(
  "Mike", 
  "Mike the contractor", 
  "password", 
  "can-read", (), (), (),
  map:map()=>map:with(
    "read",
    cts:element-query(xs:QName("metadata"), 
      cts:element-word-query(xs:QName("group"), "group-all")))
)

(: Creates a new user, named "Mike", with the role "can-read". "Mike" has 
   user queries that allow him to read only the documents with "group-all" in 
   the metadata. :)
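
The following is an added example, not part of the original reference page. It runs the call against the security database from any context database, as the usage note requires, and checks the two documented error conditions (duplicate user name, nonexistent role) before creating the user. The external variables, the description string, and the error names USER-EXISTS and ROLE-MISSING are assumptions made for illustration; the role "can-read" is the sample role from the example above.

```xquery
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security" at
    "/MarkLogic/security.xqy";

(: Assumption: the caller supplies these as external variables, so no
   password literal is stored in the module. :)
declare variable $user-name as xs:string external;
declare variable $password as xs:string external;

(: Sample role taken from the example above. :)
declare variable $role-names as xs:string* := ("can-read");

xdmp:invoke-function(
  function() {
    (: sec:role-exists and sec:user-exists are evaluated inside the invoked
       function, so they also run against the security database. :)
    let $missing-roles := $role-names[fn:not(sec:role-exists(.))]
    return
      if (sec:user-exists($user-name)) then
        (: hypothetical error name, chosen for this example :)
        fn:error(xs:QName("USER-EXISTS"),
          fn:concat("User already exists: ", $user-name))
      else if (fn:exists($missing-roles)) then
        (: hypothetical error name, chosen for this example :)
        fn:error(xs:QName("ROLE-MISSING"),
          fn:concat("Unknown role(s): ",
            fn:string-join($missing-roles, ", ")))
      else
        (: No default permissions or collections; the optional
           external-names and queries arguments are omitted. :)
        sec:create-user(
          $user-name,
          "Created by provisioning script",
          $password,
          $role-names,
          (),
          ())
  },
  <options xmlns="xdmp:eval">
    <database>{xdmp:security-database()}</database>
    <update>true</update>
  </options>
)
```

The query returns the new user ID on success. sec:create-user still raises its own error if another transaction creates the same user between the check and the call, so the pre-checks only make the common failures easier to read.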
  
