Loading TOC...
Messages and Codes Reference Guide (PDF)

MarkLogic 12 Product Documentation
Messages and Codes Reference Guide
— Chapter 25

SEC Messages

SEC-ADMINROLE

Message Text

The admin role name can not be changed

Cause

You tried to change admin role name. (e.g. with sec:role-set-name)

Response

The name of the admin role is read-only and cannot be changed. Do not attempt to do so.

SEC-AMPDNE

Message Text

Amp does not exist: namespace(variable1), local-name(variable2), document-uri(variable3), database(variable4)

Cause

An amp identified by ($namespace, $local-name, $document-uri, $database) is not present in the system.

Response

Verify that there is an amp that can be identified by the provided namespace, local-name, document-uri, and database.

SEC-AMPEXISTS

Message Text

Amp already exists

Cause

An amp identified by the ($namespace, $local-name, $document-uri) tuple is already present in the context database.

Response

Provide a unique tuple ($namespace, $local-name, $document-uri, $database) when creating the amp

SEC-BADACCESSKEY

Message Text

New access key is not valid

SEC-BADCAP

Message Text

Illegal Capability: variable1

SEC-BADCOLURI

Message Text

Collection URI is not valid

SEC-BADCOMPARTMENTNAME

Message Text

Compartment name is not valid: variable1

Cause

You provided a compartment name which is not valid. A Valid compartment name should not contain any of the following characters: \ * ? / : < > | ". Additionally, the name cannot contain whitespaces

Response

Provide a valid compartment name which adheres to the naming rules mentioned in the cause section

SEC-BADCOMPARTMENTPROTECTEDPATH

Message Text

Bad compartment for protected path: variable1

Cause

Compartmented roles of the same protected path set should belong to the same compartment

Response

Fix the code.

SEC-BADCREDAUTH

Message Text

Bad credential target authentication: variable1

Cause

The credential target authentication restriction is bad.

Response

Specify a valid value (basic, digest, digestbasic).

SEC-BADDB

Message Text

Specified database variable1 is not allowed

SEC-BADEXTERNALSECURITYNAME

Message Text

New external security name is not valid

Cause

Provided external security name is not valid. A external security name is valid which it does not contain any of the following characters: \ * ? / : < > | ". Additionally, the name also cannot contain whitespace.

Response

Provide a valid external security name which adheres to the naming guidelines mentioned in the cause section

SEC-BADKIND

Message Text

Privileges must be of kind "execute" or "uri"

SEC-BADPERMPROTECTEDPATH

Message Text

Bad permission for protected path: variable1

Cause

Protected path that has a path set only allows read permission

Response

Fix the code.

SEC-BADPRIVACTION

Message Text

New privilege action is not valid

SEC-BADPRIVNAME

Message Text

New privilege name is not valid

SEC-BADROLENAME

Message Text

New role name is not valid

Cause

When user provides a role name which is not valid. Role names are valid when it does not contain any of the following characters: \ * ? / : < > |. Additionally, the name also cannot contain space in between.

Response

Provide a valid role name which adheres to the naming guidelines mentioned in the cause section

SEC-BADSECRETKEY

Message Text

New secret key is not valid

SEC-BADSESSIONTOKEN

Message Text

New session token is not valid

SEC-BADSTORAGEACCOUNT

Message Text

New storage account name is not valid

SEC-BADSTORAGEKEY

Message Text

New storage key is not valid

SEC-BADUSERNAME

Message Text

New user name is not valid

Cause

Provided user name is not valid. A user name is valid which it does not contain any of the following characters: \ * ? / : < > | ". Additionally, the name also cannot contain whitespace.

Response

Provide a valid user name which adheres to the naming guidelines mentioned in the cause section

SEC-COLCNE

Message Text

Collection not protected

SEC-COLDNE

Message Text

Collection not protected: variable1

SEC-COLPERM

Message Text

Collection permission denied: variable1 variable2

SEC-COLPROTECTED

Message Text

Collection already protected

SEC-COMPARTMENTDNE

Message Text

Compartment does not exist: variable1

Cause

Specified compartment name is not valid.

Response

Specify a valid security compartment name; check its spelling and if it has been created.

SEC-CREDENTIALDNE

Message Text

Credential does not exist: variable1

Cause

There is no credential with the given name

Response

Provide a different credential name.

SEC-CREDENTIALEXISTS

Message Text

Credential already exists: variable1

Cause

There is already another credential with the same name in the system.

Response

Provide a different credential name which is not already in the system.

SEC-DEFAULTUSERDNE

Message Text

Default user does not exist: variable1 = variable2

SEC-DUNOPRIV

Message Text

Admin error. Default user does not have privileges to this server.

SEC-EMPTYACCESSKEY

Message Text

New access key is empty

SEC-EMPTYLDAPATTRIBUTE

Message Text

Empty ldap attribute element

SEC-EMPTYLDAPBASE

Message Text

Empty ldap base element

SEC-EMPTYLDAPDEFAULTUSER

Message Text

Empty ldap default user element

SEC-EMPTYLDAPPASSWORD

Message Text

Empty ldap password element

SEC-EMPTYLDAPSERVER

Message Text

Empty LDAP server element

Cause

Passing in an empty LDAP server when creating an LDAP external security object.

Response

Supply a valid LDAP server when creating the LDAP external security object.

SEC-EMPTYLDAPSERVERURI

Message Text

Empty ldap server uri element

SEC-EMPTYNSPREFIX

Message Text

Namespace prefix must not be empty.

Cause

Namespace prefix must not be empty.

Response

Empty ns prefix is not allowed. Use a non-empty prefix.

SEC-EMPTYNSURI

Message Text

Namespace uri must not be empty.

Cause

Namespace uri must not be empty.

Response

Empty ns uri is not allowed. Use a legal uri.

SEC-EMPTYOAUTHAUTHORIZATIONSERVERURI

Message Text

OAuth Authorization Server URI field cannot be empty

Cause

The OAuth Authorization Server URI field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth Authorization Server URI field

SEC-EMPTYOAUTHCLIENTID

Message Text

OAuth Client ID field cannot be empty

Cause

The OAuth Client ID field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth Client ID field

SEC-EMPTYOAUTHCLIENTSECRET

Message Text

OAuth Client Secret field cannot be empty

Cause

The OAuth Client Secret field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth Client Secret field

SEC-EMPTYOAUTHINSTROSPECTIONSERVERURI

Message Text

OAuth Introspection Server URI field cannot be empty

Cause

The OAuth Introspection Server URI field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth Introspection Server URI field

SEC-EMPTYOAUTHJWTISSUERURI

Message Text

OAuth JWT Issuer URI field cannot be empty

Cause

The OAuth JWT Issuer URI field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth JWT Issuer URI field

SEC-EMPTYOAUTHPRIVILEGEATTRIBUTE

Message Text

OAuth Privilege Attribute field cannot be empty

Cause

The OAuth Privilege Attribute field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth Privilege Attribute field

SEC-EMPTYOAUTHROLEATTRIBUTE

Message Text

OAuth Role Attribute field cannot be empty

Cause

The OAuth Role Attribute field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth Role Attribute field

SEC-EMPTYOAUTHTOKENSERVERURI

Message Text

OAuth Token Server URI field cannot be empty

Cause

The OAuth Token Server URI field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth Token Server URI field

SEC-EMPTYOAUTHUSERNAMEATTRIBUTE

Message Text

OAuth Username Attribute field cannot be empty

Cause

The OAuth Username Attribute field in the External Security form is empty.

Response

Make sure that you input the correct value for the OAuth Username Attribute field

SEC-EMPTYPWD

Message Text

Empty password

SEC-EMPTYREALM

Message Text

Empty realm

SEC-EMPTYSAMLENTITYID

Message Text

SAML Entity ID field cannot be empty

Cause

The SAML Entity ID field in the External Security form is empty.

Response

Make sure that you input the correct value for the SAML Entity ID field

SEC-EMPTYSAMLSERVER

Message Text

Empty SAML server element

Cause

Passing in an empty SAML server when creating an SAML external security object.

Response

Supply a valid SAML server when creating the SAML external security object.

SEC-EMPTYSECRETKEY

Message Text

New secret key is empty

SEC-EMPTYSESSIONTOKEN

Message Text

New session token is empty

SEC-EMPTYSTORAGEACCOUNT

Message Text

New storage account name is empty

SEC-EMPTYSTORAGEKEY

Message Text

New storage key is empty

SEC-EXTERNALSECURITYDNE

Message Text

External security does not exist: variable1 = variable2

Cause

The external security you specified is not present in the system.

Response

Make sure you check for misspelling the config name and verify the availability of the config in the system, then retry.

SEC-EXTERNALSECURITYEXISTS

Message Text

External security already exists

Cause

There is already another external security with the same name in the system.

Response

Provide a different external security name which is not already in the system.

SEC-EXTERNALSECURITYINUSE

Message Text

External security is protecting an HTTP, XDBC or ODBC Server.

Cause

External security is protecting an HTTP, XDBC or ODBC Server.

Response

Remove external security from HTTP, XDBC or ODBC Server

SEC-EXTSECCADEPRECATED

Message Text

Client certificate authorities in external security is deprecated. You can set the client certificate authorities in the AppServer.

SEC-GPHPERMDENIED

Message Text

Graph Permission denied: variable1 variable2

SEC-ILLEGALNSPREFIX

Message Text

Namespace prefix "xml" is reserved, Try different prefix.

Cause

Namespace prefix "xml" is reserved. It cannot be re-defined.

Response

"xml" is a reserved namespace prefix. Try different prefix.

SEC-INVALIDCREDNAME

Message Text

Invalid credential name: "variable1"

Cause

The credential name is invalid.

Response

Choose a name that is a valid NMTOKEN.

SEC-INVALIDFORMAT

Message Text

variable1 has the wrong format or is corrupted, variable2

SEC-INVALIDPERM

Message Text

Invalid permission

SEC-INVALIDPWD

Message Text

variable1 passphrase provided is invalid

SEC-INVAMP

Message Text

Invalid amp: doc(variable1)

SEC-INVAUTHENTICATION

Message Text

Invalid authentication element

SEC-INVAUTHHEADER

Message Text

Invalid HTTP Authorize header.

SEC-INVAUTHNSIGNATURE

Message Text

Invalid saml authn signature. Must be either "sha1" or "sha256"

SEC-INVAUTHORIZATION

Message Text

Invalid authorization element

SEC-INVCOLLECTION

Message Text

Bad collection element

SEC-INVDEFAULTCOLL

Message Text

Invalid default collections: doc(variable1)

SEC-INVDEFAULTPERM

Message Text

Invalid default permissions: doc(variable1)

SEC-INVEXTERNALNAMES

Message Text

Invalid external names: doc(variable1)

SEC-INVEXTERNALSECURITY

Message Text

Invalid external security: variable1

SEC-INVLDAPBINDMETHOD

Message Text

Invalid ldap bind method element

SEC-INVPRIV

Message Text

Invalid privilege: doc(variable1)

SEC-INVPROTECTEDPATH

Message Text

Invalid protected path: variable1

Cause

The path is either not indexable or is not an element or JSON property.

Response

Use a valid protected path.

SEC-INVQUERIES

Message Text

Invalid queries: doc(variable1)

SEC-INVQUERY

Message Text

Bad role or user capability query

SEC-INVQUERYROLESETS

Message Text

Invalid query rolesets: variable1

SEC-INVROLE

Message Text

Invalid role: doc(variable1)

SEC-INVROLEID

Message Text

Invalid Role ID: doc(variable1)

SEC-INVROLEIDS

Message Text

Invalid role IDs: doc(variable1)

SEC-INVSAMLENTITY

Message Text

Invalid saml entity: variable1

SEC-INVURI

Message Text

Invalid URI: variable1

Cause

URI has incorrect protocol.

Response

Try using HTTPS as the protocol.

SEC-INVUSER

Message Text

Invalid user: variable1

SEC-KEYGENNOTAVA

Message Text

Keystore generation so keys is not available.: variable1

Cause

Keystore on one or more hosts might be offline

Response

All hosts in the cluster must be online before this operation can be performed.

SEC-KEYSEXPORTFAILED

Message Text

Failed to export keys,see log for more details.: variable1

Cause

directory access or invalid PKCS#11 library

Response

Verify access to the kms directory under the MarkLogic data directory and path to the PKCS#11 library.

SEC-KEYSIMPORTFAILED

Message Text

Failed to import keys. variable1, variable2

SEC-KEYSTOREREPFAILED

Message Text

Keystore replication failed. variable1

Cause

Keystore is empty

Response

If switching to a new PKCS#11 library or kms directory path, make sure to call admin:cluster-rotate-data-encryption-key-id before adding more hosts to the cluster.

SEC-LASTADMIN

Message Text

Cannot delete last admin user: variable1

Cause

You attempted to remove the final user with the admin role.

Response

At least one user must have the admin role. Unless some other user also has the admin role, you cannot delete this user.

SEC-LDAPMD5DEPRECATED

Message Text

ldap bind method MD5 is deprecated

SEC-MUSTUNPROTECTPATH

Message Text

Only unprotected paths can be removed: variable1

Cause

The path is still protected.

Response

Fix the code.

SEC-NOADMIN

Message Text

User does not have admin-ui privilege.

Cause

You have attempted to access the Admin Interface and do not have the necessary security role or privileges to do so successfully.

Response

Contact your system administrator to have the proper roles and privileges assigned to you.

SEC-NOADMINROLE

Message Text

User does not have admin role.

Cause

You have attempted to access the Admin Interface and do not have the necessary security role or privileges to do so successfully.

Response

Contact your system administrator to have the proper roles and privileges assigned to you.

SEC-NOCERTIFICATEAUTHORITY

Message Text

No certificate authority with identifier variable1

SEC-NODIGEST

Message Text

No digest password for user and server set to use only digest authentication

SEC-NOEMPTYAMPDU

Message Text

New amp document uri cannot be empty

Cause

You are providing an empty document URI.

Response

Provide a non-empty document URI, which should be the URI of the module containing the function.

SEC-NOEMPTYAMPLN

Message Text

New amp local name cannot be empty

Cause

You are providing an empty amp name.

Response

Make sure you supply a non-empty and valid amp name.

SEC-NOEMPTYAMPNS

Message Text

New amp namespace cannot be empty

SEC-NOEMPTYCOLURI

Message Text

New collection URI cannot be empty

Cause

You are supplying a collection URI which is empty

Response

Either supply a different non-empty and valid collection URI or make the provided collection non-empty and resubmit.

SEC-NOEMPTYEXTERNALSECURITYNAME

Message Text

New external security name cannot be empty

Cause

You are providing an empty external security name.

Response

You should provide a non-empty and valid external security name. A valid external security name cannot contain any of the following characters: \ * ? / : < > | ". Additionally, the name cannot contain whitespace or dot (.).

SEC-NOEMPTYPRIVACTION

Message Text

New privilege action cannot be empty

Cause

You are providing an empty privilege action.

Response

Provide a non-empty and valid privilege action.

SEC-NOEMPTYPRIVNAME

Message Text

New privilege name cannot be empty

Cause

You are providing an empty privilege name

Response

You should provide a non-empty and valid privilege name. A valid privilege name cannot contain any of the following characters: \ * ? / : < > | ". Additionally, the name cannot contain whitespace or dot (.).

SEC-NOEMPTYROLENAME

Message Text

New role name cannot be empty

Cause

You are providing an empty role name

Response

You should provide a non-empty and valid role name. A valid role name cannot contain any of the following characters: \ * ? / : < > | ". Additionally, the name cannot contain whitespace or dot (.).

SEC-NOEMPTYUSERNAME

Message Text

New user name cannot be empty

Cause

You are providing an empty user name.

Response

You should provide a non-empty and valid user name. A valid user name cannot contain any of the following characters: \ * ? / : < > | ". Additionally, the name cannot contain whitespace or dot (.).

SEC-NOGRANT

Message Text

No privileges to grant/revoke role: variable1

SEC-NOPERMCAP

Message Text

Permission element or object does not contain a capability.

SEC-NOPERMPROTECTEDPATH

Message Text

Protected path must have at least one permission: variable1

Cause

The protected path would have no permission after the operation, which is not allowed.

Response

Fix the code.

SEC-NOPERMROLEID

Message Text

Permission element or object does not contain a role-id.

SEC-NOPROTECTEDPATH

Message Text

Protected path does not exist: variable1

Cause

The protected path does not exist.

Response

Fix the code.

SEC-OAUTHDEPRECATEDELEMENT

Message Text

The following OAuth element is deprecated in 11.2: variable1

Cause

Creating an external security with a deprecated element.

Response

Remove the deprecated elements from the OAuth payload and recreate the external security.

SEC-OAUTHEMPTYJWTSECRETSINPUT

Message Text

The inputted JWT key-ids or JWT secret values are empty.

Cause

Empty JWT key-ids or JWT secret values were provided.

Response

Provide a non-empty, valid JWT key-id or JWT secret value.

SEC-OAUTHFLOWTYPEDEPRECATED

Message Text

The Authorization code and Client credentials OAuth 2.0 flow types are deprecated.

Cause

Flow type is being set to Authorization code or Client credentials, both of which are deprecated.

Response

Set the OAuth 2.0 flow type to Resource server.

SEC-OAUTHINVALIDJWTSECRETSINPUT

Message Text

The inputted key-ids and JWT secret values pairs are invalid.

Cause

Number of inputted key-ids and JWT secret values are not equal, or duplicate key-ids are provided.

Response

Make sure that the number of inputted key-ids and JWT secret values are equal, and that there are no duplicate inputted key-ids.

SEC-OAUTHJWTKEYIDDOESNTEXISTS

Message Text

The inputted ID doesn't exist.

Cause

User is passing in an internal-id that doesn't exist when deleting or updating a JWT secret.

Response

Clean up the security database and retry the initial operation that was executed.

SEC-OAUTHJWTKEYIDEXISTS

Message Text

The inputted ID already exists.

Cause

User is passing in an internal-id that already exists when inserting a JWT secret.

Response

Clean up the security database and retry the initial operation that was executed.

SEC-OAUTHJWTSECRETSDOESNTEXIST

Message Text

The inputted JWT key-ids don't exist in the specified external security.

Cause

Trying to update or remove a JWT secret that doesn't exist in the external security.

Response

Make sure the inputted key-ids already exist in the specified external security.

SEC-OAUTHJWTSECRETSEXISTS

Message Text

The inputted JWT key-ids already exist in the specified external security.

Cause

Trying to add JWT secrets with an already existing JWT key-id in the external security.

Response

Make sure the inputted key-ids are unique and new key-ids in correspondence with the specified external security.

SEC-OAUTHJWTSECRETSINVOP

Message Text

The given JWT Secrets operation is invalid.

Cause

Executing an invalid JWT Secrets operation.

Response

Execute a valid (update/add) JWT Secrets operation.

SEC-OAUTHJWTSECRETSINVPAYLOAD

Message Text

Payload does not contain JWT Secrets information.

Cause

Providing a payload without JWT Secrets information to /manage/v2/external-security/{id|name}/jwt-secrets.

Response

Provide a valid payload to /manage/v2/external-security/{id|name}/jwt-secrets.

SEC-OAUTHSERVERNOTCONFIGURED

Message Text

OAuth server has not been configured.

Cause

External security object underwent recent upgrade.

Response

Execute one of the OAuth setter functions to insert OAuth server into the external security object.

SEC-OAUTHTOKENTYPEDEPRECATED

Message Text

"Internally managed reference tokens" is a deprecated token type.

Cause

Token type is being set to "Internally managed reference tokens", which is deprecated.

Response

Set the OAuth 2.0 token type to "JSON Web Tokens".

SEC-P11ERROR

Message Text

The PKCS#11 library produced an error

Cause

PKCS#11 library error

Response

See logs for details on the PKCS#11 library error

SEC-P11NOTINIT

Message Text

The PKCS#11 wallet was not initialized

Cause

Directory access or invalid PKCS#11 library

Response

Verify access to the kms directory under the MarkLogic data directory and path to the PKCS#11 library.

SEC-P11SESSION

Message Text

Failed to open a session with the PKCS#11 wallet

Cause

Directory access, invalid HSM path, or invalid PKCS#11 library has been configured

Response

Verify keystore configuration, and see logs for details

SEC-PERMDENIED

Message Text

Permission denied: variable1 variable2

SEC-PRIV

Message Text

Need privilege: variable1

SEC-PRIVDNE

Message Text

Privilege does not exist: action(variable1), kind(variable2)

SEC-PRIVEXISTS

Message Text

Privilege already exists

Cause

There is already a privilege for the $action URI you provided.

Response

Make sure that the URI provided for the $action parameter is unique.

SEC-PRIVIDDNE

Message Text

Privilege does not exist: id(variable1)

SEC-PRIVINUSE

Message Text

Privilege protecting an HTTP, XDBC or ODBC Server

SEC-PRIVNAMEEXISTS

Message Text

Privilege name already exists

SEC-REJECTEDPWD

Message Text

Password is too weak

SEC-REMOTEPRIV

Message Text

Need privilege (remote): variable1

SEC-RNEXISTS

Message Text

Role Name already exists

Cause

The role name you supplied is already in the system.

Response

Make sure you supply a role name that is not present in the system.

SEC-ROLEDNE

Message Text

Role does not exist: variable1 = variable2

Cause

You are supplying a role which is not present in the system.

Response

Make sure you check for misspellings and verify the availability of the role in the system, then retry.

SEC-ROLEEXISTS

Message Text

Role already exists

Cause

When you try to create a Role which is already existing in the system.

Response

Use another role name which is not already present in the security database.

SEC-ROLENOTASSOC

Message Text

Role not associated with variable1

SEC-SAMLENTITYEXISTS

Message Text

SAML entity already exists

Cause

There is already another SAML entity with the same id in the system.

Response

Provide a different SAML entity id which is not already in the system.

SEC-TEMPORALDOC

Message Text

Cannot perform non-temporal operation on document in temporal collection

Response

Admin will be able to perform this operation by setting "updates-admin-override" on temporal collection using temporal:collection-set-options($collection,"updates-admin-override")

SEC-UNEXISTS

Message Text

User Name already exists

Cause

There is already another user in the system with the name you provided.

Response

Make sure you supply a unique name for the user.

SEC-UNPROTECTEDCOLPRIV

Message Text

Unprotected collection privilege required

SEC-URIPRIV

Message Text

URI privilege required

SEC-USERDNE

Message Text

User does not exist: variable1 = variable2

Cause

The user you specified is not present in the system.

Response

Make sure you check for misspelling the user name and verify the availability of the user in the system, then retry.

SEC-USEREXISTS

Message Text

User already exists

Cause

There is already another user with the same name in the system.

Response

Provide a different user name which is not already in the system.

XDMP-NOEXTERNALSECURITY

Message Text

No external security with identifier variable1

« Previous chapter
Next chapter »