Loading TOC...

xdmp functions (Security)

The security built-in functions are XQuery functions to perform many security-related tasks in MarkLogic Server.

38 functions
Function name Description
xdmp:amp Returns the amp ID for the specified amp.
xdmp:amp-roles Returns the set of all roles assigned to an amp, including roles directly assigned to the amp and roles inherited by other roles.
xdmp:can-grant-roles Tests whether a user can grant or revoke a set of roles.
xdmp:credential Returns the credential
xdmp:credential-id Returns the id of a named credential.
xdmp:credentials Returns the credentials that the current user is allowed to use.
xdmp:database-node-query-rolesets Return a sequence of query-rolesets that are required for proper querying of the given database nodes with Element Level Security.
xdmp:default-collections Returns the collections any new document would get if the current user were to insert a document without specifying the collections.
xdmp:default-permissions Returns the permissions any new document would get if the current user were to insert a document without specifying the default permissions.
xdmp:document-get-permissions Returns the permissions to a given document.
xdmp:external-security Returns the external security ID for the specified external security name.
xdmp:get-current-roles Returns all the current roles, both assigned and inherited by the current user and any received from amps.
xdmp:get-current-user Returns the name of the current user.
xdmp:get-current-userid Returns the ID of the current user.
xdmp:get-request-user If this App Server is using application-level authentication, returns the ID of the user in the last successful call to xdmp:login.
xdmp:has-privilege Tests whether the current user has at least one of a given set of privileges.
xdmp:keystore-export Exports all encryption keys stored in the MarkLogic embedded KMS.
xdmp:keystore-import Import encryption keys into the MarkLogic embedded KMS from an exported encrypted file (see keystore-export).
xdmp:keystore-validate-exported Validates the content of an exported keystore file, see keystore-export and keystore-import
xdmp:node-permissions Returns the permissions to a node's document.
xdmp:node-query-rolesets Return a sequence of query-rolesets that are required for proper querying with Element Level Security if the node is inserted into the database with the given document-insert options.
xdmp:passive-has-privilege Tests whether the current user has at least one of a given set of privileges.
xdmp:passive-security-assert Tests whether the current user has at least one of a given set of privileges.
xdmp:permission Returns a permission element in the security namespace corresponding to the named role and capability given.
xdmp:privilege Returns the privilege ID for the specified privilege name.
xdmp:privilege-roles Returns the set of all roles that have a given privilege.
xdmp:role Returns the role ID for the specified role name.
xdmp:role-name Returns the role name for the specified role id.
xdmp:role-roles Returns the set of all roles inherited by a given role, including roles directly assigned to the role and roles inherited from other roles.
xdmp:security-assert Tests whether the current user has at least one of a given set of privileges.
xdmp:user Returns the user ID for the specified user name.
xdmp:user-external-security Returns external security id and user name for an external user.
xdmp:user-roles Returns all roles assigned to a user, including roles directly assigned to the user and roles inherited by other roles.
xdmp:userid-roles Returns all roles assigned to a user, including roles directly assigned to the user and roles inherited by other roles.
xdmp:x509-certificate-extract Returns the XML representation of the specified X.509 certificate.
xdmp:x509-certificate-generate Generate a new PEM-encoded X.509 certificate.
xdmp:x509-certificate-issuer-name Returns the issuer distinguished name for the specified X.509 certificate.
xdmp:x509-certificate-subject-name Returns the subject distinguished name for the specified X.509 certificate.