Configure Granular Privileges via the Admin Interface
- Last Updated: May 20, 2026
- 1 minute read
- MarkLogic Server
- Version 12.0
- Documentation
To create a new granular privilege via the Admin Interface, follow steps for creating an execute privilege described at Creating an Execute Privilege in Administering MarkLogic Server.
For example, to create a granular privilege that grants a user an ability to administer a specific aspect (for example, backup) of a set of resources (for example, forests), perform the following steps:
-
Use the Admin Interface to create an execute privilege named
admin-forest-backup. -
Assign the action URI
http://marklogic.com/xdmp/privileges/admin/forest/backupto the privilege. -
Assign the privilege to the desired role or roles. You may want to create a specific role for this privilege depending on your security requirements.
The following screenshot depicts the Execute Privilege page with these parameters:
Note: You cannot create a granular privilege that grants a user the ability to administer a specific resource (such as a forest with the specified identifier) in the manner described here because resource identifiers are not exposed in the Admin Interface. To create a granular privilege of this type (for example, http://marklogic.com/xdmp/privileges/admin/forest/forest-ID), you need to use the functions of the XQuery API security module, as described in the following section Configure Granular Privileges via the XQuery API Security Module.