Powered by Zoomin Software. For more details please contactZoomin

Secure MarkLogic Server

Table of Contents

A More Complex Example

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 20, 2026
  • 1 minute read
    • MarkLogic Server
    • Version 12.0
    • Documentation

To expand even more on the node-update example with added document permissions, you could have roles with both protected paths and document permissions.

Say you have a document with these nodes:

<foo>
  <bar>
<baz>

At the document level, there are these permissions:

("role1", "read"), ("role1", "node-update")
("role2", "read"), ("role2", "node-update")
("role3", "read"), ("role3", "update")

At the element level, there are these permissions for protected paths:

<foo>, ("role1", "read"), ("role1", "node-update")
<bar>, ("role2", "read"), ("role2", "node-update")

In this example,

  • role1 cannot update (or override) <bar> because at the element level role2 has <bar> protected path permissions.

  • role3 can override everything because at the document level it has update capability but can only read <baz> which has no protected paths.

TitleResults for “How to create a CRG?”Also Available inAlert