Powered by Zoomin Software. For more details please contactZoomin

Secure MarkLogic Server

Table of Contents

Protecting the Execution of XQuery Modules

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 14, 2026
  • 1 minute read
    • MarkLogic Server
    • Version 10.0
    • Documentation

One simple way to restrict access to your MarkLogic Server application is to limit the users that have permission to run the application. If you load your Xquery code into a modules database, you can use an execute permission on the XQuery document itself to control who can run it. Then, a user must possess execute permissions to run the module. To set up a module to do this, perform the following steps:

  1. Using the Admin Interface, specify a modules database in the configuration for the app server (HTTP or WebDAV) that controls the execution of your XQuery module.

  2. Load the XQuery module into the modules database using a URI with an .xqy extension like my_module.xqy.

  3. Set execute permissions on the XQuery document for a given role. For example, if you want users with the run_application role to be able to execute an XQuery module with the URI http://modules/my_module.xqy, run a query similar to the following:

    xdmp:document-set-permissions("http://modules/my_module.xqy",
      xdmp:permission("run_application", "execute") )

  4. Create the run_application role.

  5. Assign the run_application role to the users who can run this application.

Now only users with the run_application role can execute this document.

Note:

Because your application could also contain amped functions, this technique can help restrict access to applications that use amps.

TitleResults for “How to create a CRG?”Also Available inAlert