MarkLogic Server 11.0 Product DocumentationQuery Console User Guide — Chapter 3
Administering Query Console
This chapter covers tasks specific to administering Query Console on your MarkLogic Server.
Controlling Access to Query Console
Query Console stores per user information about workspaces and queries in MarkLogic Server. Query Console uses the following pre-defined security roles:
Users also require normal privileges to any databases or documents they access through Query Console.
For details about the MarkLogic Server security model and about configuring users and roles, see the Security Guide and Security Administration in the Administrator's Guide.
qconsole-user
The qconsole-user role is a minimally privileged role that is needed to use Query Console. You must grant this role to all users who are allowed to use Query Console.
The qconsole-user role has the following execute privileges:
qconsole-internal
The qconsole-internal role is used by Query Console to amp certain functions that Query Console performs. You should not explicitly grant the qconsole-internal role to any user; it is only for internal use by Query Console.
Removing a User's Data From the Server
When Query Console users create workspaces and queries, the data is saved on the server in the App-Services database. If you need to remove all of a user's Query Console state information from the server, use a script similar to the following script.
For further assistance, if you have an active maintenance contract, you can contact MarkLogic Technical Support.
xquery version "1.0-ml"; declare namespace qc="http://marklogic.com/appservices/qconsole"; (: find the user id associated with a user name :) declare function local:get-user-id($user-name as xs:string) { let $eval := fn:concat( 'xquery version "1.0-ml"; import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy"; sec:uid-for-name("', $user-name, '")') let $options := <options xmlns="xdmp:eval"> <database>{xdmp:database("Security")}</database> </options> return xdmp:eval($eval, (), $options) }; (: retrieve all workspace URI's for a named user :) declare function local:get-workspace-uris( $user-name as xs:string) { let $user-id := local:get-user-id($user-name) return if (fn:empty($user-id)) then () else for $d in fn:doc()/qc:workspace/qc:security[qc:userid eq $user-id] return base-uri($d) }; (: retrieve id's for all queries in a given workspace :) declare function local:get-query-ids( $workspace-uri as xs:string) { for $qid in fn:doc($workspace-uri)/qc:workspace/qc:queries/qc:query/*:id return $qid }; (: Retrieve id's of all history entries associated with a query id :) declare function local:get-query-history( $qid as xs:unsignedLong) { for $d in fn:doc() where $d/qc:history/qc:query[qc:id eq $qid] return base-uri($d) }; let $user-name := xdmp:get-request-field("username") let $user-documents := for $ws in local:get-workspace-uris($user-name) return ( for $qid in local:get-query-ids($ws) return ( fn:concat("/queries/", $qid, ".txt"), local:get-query-history($qid) ), $ws ) for $d in $user-documents return xdmp:document-delete($d)