
Secure MarkLogic Server

Using Execute Privileges

  • Last Updated: April 14, 2026
  • 1 minute read
    • MarkLogic Server
    • Version 11.0
    • Documentation

The basic steps for using execute privileges are:

  • Create the privilege.

  • Assign the privilege to a role.

  • Write code to test for the privilege.

You create privileges and assign them to roles using the Admin Interface.

To test for a privilege, use xdmp:security-assert() (XQuery) or xdmp.securityAssert() (JavaScript). This function tests whether the user running the code has the specified privilege. If the user possesses the privilege, the code continues to execute. If the user does not possess the privilege, the server throws an exception, which the application can catch and handle.

For example, to create an execute privilege to control the access to an XQuery function called display-salary, use the following steps:

  1. Use the Admin Interface to create an execute privilege named allow-display-salary.

  2. Assign any URI (for example, http://my/privs/allow-display-salary) to the execute privilege.

  3. Assign a role to the privilege. You may want to create a specific role for this privilege depending on your security requirements.

  4. Finally, in your display-salary() XQuery function, include an xdmp:security-assert() call to test for the allow-display-salary execute privilege as follows:

xquery version "1.0-ml";
declare function display-salary (
     $employee-id as xs:unsignedLong)
as xs:decimal
{
  (: throws an exception unless the current user has this execute privilege :)
  xdmp:security-assert("http://my/privs/allow-display-salary", "execute"),
  ...
} ;
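
The exception described above can be caught and handled as in this added example, which is not part of the MarkLogic documentation. It assumes the denial is reported with the error code SEC-PRIV in the caught error:error element; local:lookup-salary, its return value, and the employee id 1001 are hypothetical stand-ins.

```xquery
xquery version "1.0-ml";

(: Added example, not from the MarkLogic documentation. :)
declare namespace error = "http://marklogic.com/xdmp/error";

(: Privilege URI from the steps above. :)
declare variable $PRIV as xs:string :=
  "http://my/privs/allow-display-salary";

(: Hypothetical stand-in for the real salary lookup. :)
declare function local:lookup-salary($employee-id as xs:unsignedLong)
as xs:decimal
{
  xs:decimal(50000)
};

(: Returns the salary, or the empty sequence when the caller lacks
   the execute privilege. Any other error is passed on unchanged. :)
declare function local:display-salary($employee-id as xs:unsignedLong)
as xs:decimal?
{
  try {
    xdmp:security-assert($PRIV, "execute"),
    local:lookup-salary($employee-id)
  } catch ($e) {
    if ($e/error:code eq "SEC-PRIV") then (
      (: Record the denied attempt so it can be reviewed later. :)
      xdmp:log(
        fn:concat("display-salary denied: user=", xdmp:get-current-user(),
                  " privilege=", $PRIV,
                  " employee-id=", $employee-id),
        "warning")
      (: xdmp:log returns nothing, so the caller receives the empty sequence. :)
    )
    else xdmp:rethrow()
  }
};

local:display-salary(1001)
```

Catching only the privilege error and rethrowing everything else keeps unrelated failures from being mistaken for an authorization denial.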