Loading TOC...

sec.createUser

sec.createUser(
   $user-name as String,
   $description as String?,
   $password as String,
   $role-names as String[],
   $permissions as element(sec.permission)[],
   $collections as String[],
   [$external-names as String[]],
   [$queries as Object]
) as (Number|String)

Summary

Creates a new user in the system database for the context database. Returns the user ID of the created user.

Parameters
$user-name A unique username. If $user-name is not unique, an error is returned.
$description A description of the user.
$password The initial password for this user.
$role-names The roles (if any) assigned to this user. If one of the $role-names names a role that does not exist, an error is returned.
$permissions The default permissions granted to this user.
$collections The URIs for the default collections to which this user has access.
$external-names One or more external names used to match the user with one or more Distinguished Names in an LDAP server or User Principals in a Kerberos server.
$queries A map from capabilities (read, update, node-update, and execute) to cts queries for the user.

Required Privileges

http://marklogic.com/xdmp/privileges/create-user or create-data-user
and, for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles
and, for creating users with queries:
http://marklogic.com/xdmp/privileges/user-set-queries

Usage Notes

This function must be executed against the security database.

Example


// execute this against the security database
declareUpdate();   
const sec = require('/MarkLogic/security.xqy');

sec.createUser(
    "Jim",
    "Jim the temp",
    "newtemp",
    "Temporary",
    [xdmp.permission("security", "read","element")]
    ["http://marklogic.com/dev_modules"])
 
 // Creates a new user, named "Jim," with the role, "Temporary."  "Jim" 
 // is assigned the default permission, security(read), and the default 
 // collection, "http://marklogic.com/dev_modules".   
  

Example


// execute this against the security database.
declareUpdate();   
const sec = require('/MarkLogic/security.xqy');
    
sec.createUser(
  "Mike", 
  "Mike the contractor", 
  "password", 
  "can-read", [], [], [],
  {
    "read":cts.elementQuery(xs.QName("metadata"), 
            cts.elementWordQuery(xs.QName("group"), "group-all"))
  }
)

// Creates a new user, named "Mike", and with the role "can-read". "Mike" has user
// queries which allows him to read only the documents with "group-all" in the
// metadata.
  

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.