Powered by Zoomin Software. For more details please contactZoomin

Secure MarkLogic Server

Table of Contents

Create Roles

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 20, 2026
  • 1 minute read
    • MarkLogic Server
    • Version 12.0
    • Documentation

Carly sets up some roles, can-update, can-read, group-all, group-engineering, and group-finance, by running this code against the Security database:

xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" 
  at "/MarkLogic/security.xqy";
(: Uncompartmented roles can-read and can-update for compartment setup :)
sec:create-role("can-read", "General read", (), (), ()),
sec:create-role("can-update", "General update", (), (), ()),

(: Compartment role group-all for compartment permissions :)
sec:create-role("group-all", "All groups.", (), (), (), "compartment-group"),
 
sec:create-role("group-engineering", "Engineering.", 
   (), (), (),"compartment-group", (), 
     map:map()=>map:with(
     "node-update", cts:not-query(cts:element-query(xs:QName("price"), cts:true-query()))
   )=>map:with(
     "read", cts:element-query(xs:QName("feature"),cts:true-query())
   )
), 
sec:create-role("group-finance", "Finance.", 
   (), (), (), "compartment-group", (), 
     map:map()=>map:with(
     "node-update", cts:element-query(xs:QName("price"), cts:true-query())
   )=>map:with(
     "read", cts:element-query(xs:QName("price"), cts:true-query())
   ) 
);
xquery version "1.0-ml";

import module namespace sec="http://marklogic.com/xdmp/security" 
   at "/MarkLogic/security.xqy";

sec:create-user("Mike", "Contractor", "Mike", 
   ("can-read"), (), (), (),
   map:map()=>map:with(
     "read",cts:element-query(xs:QName("metadata"), 
cts:element-word-query(xs:QName("group"), "group-all"))
    )
)
TitleResults for “How to create a CRG?”Also Available inAlert