Problem

You’d like to get a list of a particular user’s permissions on a document.

Solution

The xdmp:document-get-permissions() function returns every permission on a document. To narrow the result to a single user, first identify that user's roles, then keep only the permissions granted to those roles.

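(: Role IDs held by the user, directly or through inheritance :)
let $roles := xdmp:user-roles("some-user")
return
  (: Keep the permissions whose role is one of the user's, then return the capability names :)
  xdmp:document-get-permissions("/content/some-doc.json")
    [sec:role-id = $roles]/sec:capability/fn:string()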

The result will be a sequence of permission strings from among “read”, “update”, “insert”, and “execute”.

Discussion

Permissions are assigned to a document by role. Users are also assigned roles, and through them gain access to documents.

The first step of this recipe is to gather the roles that the specified user has. The xdmp:user-roles() function returns both the roles that the user has been directly granted and any inherited roles.

With the roles in hand, we can retrieve all the permissions on the target document, then use an XPath predicate to keep only those whose sec:role-id matches one of the user's roles and return their sec:capability values.
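
When auditing access, it also helps to see which role grants each capability, and to collapse the repeats that appear when several of the user's roles grant the same capability. The following is an added example, not part of the original recipe; the function name local:capabilities-by-role and the capability and role-id output elements are made up for illustration, and the user name and URI are the recipe's placeholder values. Like the recipe, it relies on the sec prefix being available without a declaration.

```xquery
xquery version "1.0-ml";

(: Added example: group a user's capabilities on a document by the
   role IDs that grant them. The function name and output element
   names are illustrative, not part of any MarkLogic API. :)
declare function local:capabilities-by-role(
  $user as xs:string,
  $uri as xs:string
) as element(capability)*
{
  (: Direct and inherited role IDs for the user :)
  let $roles := xdmp:user-roles($user)
  (: Permissions on the document that belong to one of those roles :)
  let $perms := xdmp:document-get-permissions($uri)[sec:role-id = $roles]
  (: One output element per distinct capability :)
  for $cap in fn:distinct-values($perms/sec:capability)
  order by $cap
  return
    <capability name="{$cap}">{
      (: Every role of this user that grants the capability :)
      for $id in fn:distinct-values($perms[sec:capability = $cap]/sec:role-id)
      return <role-id>{$id}</role-id>
    }</capability>
};

(: Placeholder user and URI, as in the recipe above :)
local:capabilities-by-role("some-user", "/content/some-doc.json")
```

An empty result means none of the user's roles appears in the document's permissions.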
