Loading TOC...
Query Console User Guide (PDF)

Query Console User Guide — Chapter 4

Administering Query Console

This chapter covers tasks specific to administering Query Console on your MarkLogic Server.

Controlling Access to Query Console

Query Console stores per user information about workspaces and queries in MarkLogic Server. Query Console uses the following pre-defined security roles:

  • qconsole-user
  • qconsole-internal

Users also require normal privileges to any databases or documents they access through Query Console.

For details about the MarkLogic Server security model and about configuring users and roles, see the Security Guide and Security Administration in the Administrator's Guide.


The qconsole-user role is a minimally privileged role that is needed to use Query Console. You must grant this role to all users who are allowed to use Query Console.

The qconsole-user role has the following execute privileges:

  • qconsole (http://marklogic.com/xdmp/privileges/qconsole)


The qconsole-internal role is used by Query Console to amp certain functions that Query Console performs. You should not explicitly grant the qconsole-internal role to any user; it is only for internal use by Query Console.

Removing a User's Data From the Server

When Query Console users create workspaces and queries, the data is saved on the server in the App-Services database. If you need to remove all of a user's Query Console state information from the server, use a script similar to the following script.

For further assistance, if you have an active maintenance contract, you can contact MarkLogic Technical Support.

xquery version "1.0-ml";

declare namespace qc="http://marklogic.com/appservices/qconsole";

(: find the user id associated with a user name :)
declare function local:get-user-id($user-name as xs:string)
  let $eval :=
      'xquery version "1.0-ml";
       import module namespace
                  at "/MarkLogic/security.xqy";
       sec:uid-for-name("', $user-name, '")')
  let $options :=
    <options xmlns="xdmp:eval">
  xdmp:eval($eval, (), $options)

(: retrieve all workspace URI's for a named user :)
declare function local:get-workspace-uris(
  $user-name as xs:string)
  let $user-id := local:get-user-id($user-name)
    if (fn:empty($user-id))
    then ()
    for $d in fn:doc()/qc:workspace/qc:security[qc:userid eq $user-id]
      return base-uri($d)

(: retrieve id's for all queries in a given workspace :)
declare function local:get-query-ids(
  $workspace-uri as xs:string)
  for $qid in     fn:doc($workspace-uri)/qc:workspace/qc:queries/qc:query/*:id
  return $qid

(: Retrieve id's of all history entries associated with a query id :)
declare function local:get-query-history(
  $qid as xs:unsignedLong)
  for $d in fn:doc()
  where $d/qc:history/qc:query[qc:id eq $qid]
  return base-uri($d)

let $user-name := xdmp:get-request-field("username")
let $user-documents :=
  for $ws in local:get-workspace-uris($user-name)
  return (
    for $qid in local:get-query-ids($ws)
        fn:concat("/queries/", $qid, ".txt"),
for $d in $user-documents
return xdmp:document-delete($d)
« Previous chapter