MarkLogic 10 Product Documentation
xdmp functions (Security)

The security built-in functions are XQuery functions to perform many security-related tasks in MarkLogic Server.

55 functions
Function name Description
xdmp:amp Returns the amp ID for the specified amp.
xdmp:amp-roles Returns the set of all roles assigned to an amp, including roles directly assigned to the amp and roles inherited by other roles.
xdmp:can-grant-roles Tests whether a user can grant or revoke a set of roles.
xdmp:certificate-validate-key-pair Checks if a public key and private key match within an asymmetric encryption sequence.
xdmp:collection-id Return the ID of a collection specified by URI.
xdmp:collections Returns the IDs of all collections in the system.
xdmp:credential Returns the credential
xdmp:credential-id Returns the id of a named credential.
xdmp:credentials Returns the credentials that the current user is allowed to use.
xdmp:database-node-query-rolesets Return a sequence of query-rolesets that are required for proper querying of the given database nodes with Element Level Security.
xdmp:default-collections Returns the collections any new document would get if the current user were to insert a document without specifying the collections.
xdmp:default-permissions Returns the permissions any new document would get if the current user were to insert a document without specifying the default permissions.
xdmp:document-get-permissions Returns the permissions to a given document.
xdmp:external-security Returns the external security ID for the specified external security name.
xdmp:get-current-roles Returns all the current roles, both assigned and inherited by the current user and any received from amps.
xdmp:get-current-user Returns the name of the current user.
xdmp:get-current-userid Returns the ID of the current user.
xdmp:get-request-user If this App Server is using application-level authentication, returns the ID of the user in the last successful call to xdmp:login .
xdmp:has-privilege Tests whether the current user has at least one of a given set of privileges.
xdmp:keystore-export Exports all encryption keys stored in the MarkLogic embedded KMS.
xdmp:keystore-import Import encryption keys into the MarkLogic embedded KMS from an exported encrypted file (see keystore-export).
xdmp:keystore-set-current-host Set current KMS host to the first one matching the user-specified name for all online MarkLogic nodes in the cluster.
xdmp:keystore-synchronize Synchronize the Keystore's cache containing the keys used for encryption and decryption.
xdmp:keystore-validate-exported Validates the content of an exported keystore file, see keystore-export and keystore-import
xdmp:node-permissions Returns the permissions to a node's document.
xdmp:node-query-rolesets Return a sequence of query-rolesets that are required for proper querying with Element Level Security if the node is inserted into the database with the given document-insert options.
xdmp:passive-has-privilege Tests whether the current user has at least one of a given set of privileges.
xdmp:passive-security-assert Tests whether the current user has at least one of a given set of privileges.
xdmp:permission Returns a permission element in the security namespace corresponding to the named role and capability given.
xdmp:privilege Returns the privilege ID for the specified privilege name.
xdmp:privilege-kind Return the kind of the specified privilege.
xdmp:privilege-name Return the name of the specified privilege.
xdmp:privilege-roles Returns the set of all roles that have a given privilege.
xdmp:privileges Returns the IDs of all privileges in the system.
xdmp:role Returns the role ID for the specified role name.
xdmp:role-compartment Return the compartment of the specified role.
xdmp:role-description Return the description of the specified role.
xdmp:role-get-default-collections Return the default collections of specified role.
xdmp:role-get-default-permissions Return the default permissions of specified role.
xdmp:role-name Returns the role name for the specified role id.
xdmp:role-privileges Return the IDs of privileges of specified role.
xdmp:role-roles If the parameter $inherit is true, returns the set of all roles inherited by a given role, including roles directly assigned to the role and roles inherited from other roles.
xdmp:roles Returns the IDs of all roles in the system.
xdmp:security-assert Tests whether the current user has at least one of a given set of privileges.
xdmp:user Returns the user ID for the specified user name.
xdmp:user-external-security Returns external security id and user name for an external user.
xdmp:user-get-default-collections Return the default collections of specified user.
xdmp:user-get-default-permissions Return the default permissions of specified user.
xdmp:user-privileges Return IDs of all privileges that a user have.
xdmp:user-roles Returns all roles assigned to a user, including roles directly assigned to the user and roles inherited by other roles.
xdmp:userid-roles Returns all roles assigned to a user, including roles directly assigned to the user and roles inherited by other roles.
xdmp:x509-certificate-extract Returns the XML representation of the specified X.509 certificate.
xdmp:x509-certificate-generate Generate a new PEM-encoded X.509 certificate.
xdmp:x509-certificate-issuer-name Returns the issuer distinguished name for the specified X.509 certificate.
xdmp:x509-certificate-subject-name Returns the subject distinguished name for the specified X.509 certificate.
Powered by MarkLogic Server | Terms of Use | Privacy Policy