What is the difference between a forest-level backup and a database-level backup?

A database-level backup backs up all forests in the specified directory, creating new data for each initiation. Forest-level backups require separate directories for individual forests and keep incremental backups that only overwrite changed stands.

How do I log into the MarkLogic Administrative Interface (Admin UI)?

Access the Admin Interface by opening http://localhost:8001/ in your browser, enter the admin username and password. If you have already logged on as an admin during this session, a login is not necessary.

How do I restart MarkLogic Server?

To restart the server, follow these steps: Use the System Command to stop the MarkLogic server and then start it again; alternatively, you can use the Admin Interface, which can be accessed by navigating to http://localhost:8001/.

Admin Login Details For 10 10 10 254 — Manual, FAQ & Troubleshooting

Name: Admin Login Details For 10 10 10 254
Brand: Admin

Page 1

MarkLogic Server

Administrator’s Guide

MarkLogic 10 May, 2019

Last Revised: 10.0-9, February, 2022

################# MarkLogic Server

Table of Contents

Administrator’s Guide

1.0 Introduction ..................................................................................................17

1.1 Objectives .............................................................................................................17

1.2 Audience ...............................................................................................................17

1.3 Scope and Requirements .......................................................................................17

1.4 Architecture Overview ..........................................................................................18

Page 2

Page 3

Page 4

Page 5

Page 6

Page 7

Page 8

Page 9

Page 10

Page 11

Page 12

Page 13

Page 14

Page 15

Page 16

Page 17

Page 18

Page 19

Page 20

Page 21

Page 22

Page 23

Page 24

Page 25

Page 26

Page 27

Page 28

Page 29

Page 30

Page 31

Page 32

Page 33

Page 34

Page 35

Page 36

Page 37

Page 38

Page 39

Page 40

Page 41

Page 42

Page 43

Page 44

Page 45

Page 46

Page 47

Page 48

Page 49

Page 50

Page 51

Page 52

Page 53

Page 54

Page 55

Page 56

Page 57

Page 58

Page 59

Page 60

Page 61

Page 62

Page 63

Page 64

Page 65

Page 66

Page 67

Page 68

Page 69

Page 70

Page 71

Page 72

Page 73

Page 74

Page 75

|Field|Description| |---|---| | | | |compressed tree cache partitions|The number of independent compressed tree cache partitions to allocate. More partitions allow more concurrency, but make each individual cache partition smaller, which could make it more likely for the cache to fill up. The default is determined based on the amount of memory on your system and should work well for most installations. If you see a lot of CPU under-utilization under heavy concurrent query loads then raising this value can improve performance. The server may use fewer or more than the configured partitions to keep partition sizes between 512 and 8192 megabytes. This setting is only used when cache sizing is set to manual.| |expanded tree cache size|The amount of memory to dedicate to caching tree data in expanded form for the query evaluator. This setting is only used when cache sizing is set to manual.| |expanded tree cache partitions|The number of independent expanded tree cache partitions to allocate. More partitions allow more concurrency, but make each individual cache partition smaller, which could make it more likely for the cache to fill up. The default is determined based on the amount of memory on your system and should work well for most installations. If you see a lot of CPU under-utilization under heavy concurrent query loads then raising this value can improve performance. The server may use fewer or more than the configured partitions to keep partition sizes between 1024 and 8192 megabytes. This setting is only used when cache sizing is set to manual.| |triple cache size|The amount of memory to dedicate to caching triple data for all ondisk stands. This setting is only used when cache sizing is set to manual.| |triple cache partitions|The number of independent triple cache partitions to allocate. More partitions allow more concurrency, but make each individual cache partition smaller, which could make it more likely for the cache to fill up. The default is determined based on the amount of memory on your system and should work well for most installations. If you see a lot of CPU under-utilization under heavy concurrent query loads, then raising this value can improve performance. The server may use fewer or more than the configured partitions to keep partition sizes between 1024 and 8192 megabytes. This setting is only used when cache sizing is set to manual.|

|Field|Description| |---|---| | | | |triple value cache size|The amount of memory to dedicate to caching triple value data for all on-disk stands. This setting is only used when cache sizing is set to manual.| |triple value cache partitions|The number of independent triple value cache partitions to allocate. More partitions allow more concurrency, but make each individual cache partition smaller, which could make it more likely for the cache to fill up. The default is determined based on the amount of memory on your system and should work well for most installations. If you see a lot of CPU under-utilization under heavy concurrent query loads, then raising this value can improve performance. The server may use fewer or more than the configured partitions to keep partition sizes between 512 and 8192 megabytes. This setting is only used when cache sizing is set to manual.| |compressed tree read size|The size of the block for random access when reading compressed tree files.| |triple cache timeout|The time, in seconds, that a cached triple index page can be unused before being eligible to be flushed from the cache. Larger values can potentially cause more memory to be used for by the triple cache. Smaller values can potentially cause more time to be used reloading triple index pages.| |triple value cache timeout|The time, in seconds, that a cached triple value index page can be unused before being eligible to be flushed from the cache. Larger values can potentially cause more memory to be used for by the triple value cache. Smaller values can potentially cause more time to be used reloading triple value index pages.| |smtp relay|The network location (host:port) of the SMTP server. This server is used for all SMTP requests issued through the xdmp:email built-in function. The default port number of the SMTP server is 25. For details, see “Configuring an SMTP Server” on page 64.| |smtp timeout|The time, in seconds, before an SMTP request times out and issues an error.| |http user agent|The User-agent string issued when making HTTP requests from an App Server in the group.| |http timeout|The time, in seconds, before an HTTP request times out.|

Page 76

Page 77

|xdqp-ssl ciphers|The SSL ciphers that may be used.| |background I/O limit|The maximum megabytes per second that a host may use for background I/O (merge, backup, restore). A value of 0 means no limit.| |metering enabled|Specifies if usage metering is enabled for this group. When usage metering is enabled, a small amount of statistics about resources being used is saved to the meters database.| |performance metering enabled|Specifies if performance metering is enabled for this group. When enabled, performance statistics are stored in the Meters database to enable historic views of cluster performance.| |metering database|The name of the database in which usage metering and historic performance data will be stored.| |performance metering period|The performance metering period in minutes.| |metering retain raw|The number of days raw performance metering data is retained.| |metering retain hourly|The number of days hourly performance metering data is retained.| |metering retain daily|The number of days daily performance metering data is retained.| |telemetry-log-level|The minimum log level for log messages collected and sent by telemetry. For details, see Configure Telemetry in the Admin UI in the Monitoring MarkLogic Guide.

| |telemetry-metering|The set of Metering data collected by telemetry. For details, see Telemetry in the Monitoring MarkLogic Guide.

| |telemetry-config|The frequency of Config file changes collected by telemetry. For details, see Telemetry in the Monitoring MarkLogic Guide.

| |telemetry proxy|The URL of the proxy used by telemetry. Proxy URL should start with https://, for example, https://proxy.marklogic.com:8080. If you don't specify the port number, it assumes the proxy server is listening on port 8080. For details, see Telemetry in the Monitoring MarkLogic Guide.

|

|Field|Description| |---|---| | | | |s3 domain|The internet domain name of the simple storage service. The default value is s3.amazonaws.com. To access a different simple storage service that is API compatible with Amazon S3, specify it here.| |s3 protocol|The network protocol to use when accessing the simple storage service. The default is https. To use a more secure protocol when accessing the simple storage service, choose https.| |s3 server side encryption|The method of data encryption for data at rest on the simple storage service. The default is aes256 To encrypt data at rest on the simple storage service, choose aes256. To encrypt data by custom AWS KMS key, choose aws:kms. You must use https to access an object protected by AWS KMS.| |s3 server side encryption kms key|The custom AWS KMS key of encryption for data at rest on the simple storage service. If you choose kms:key encryption and want to use your own KMS key, this field is required. Otherwise the default KMS key is used. The AWS KMS key must be in the same region as the S3 bucket.| |s3 proxy|The URL of the proxy server to access S3. The proxy URL should start with https:// (for example, https:// proxy.marklogic.com:8080). If you don't specify the port number, MarkLogic assumes the proxy server is listening on port 8080.|

Page 78

Page 79

Page 80

Page 81

Page 82

Page 83

Page 84

Page 85

Page 86

Page 87

Page 88

Page 89

• XDBC Server Overview

• Procedures for Creating and Managing XDBC Servers

This chapter describes how to use the Admin Interface to create and configure XDBC servers. For details on how to create and configure XDBC servers programmatically, see Creating and Configuring App Servers in the Scripting Administrative Tasks Guide.

######### 8.1 XDBC Server Overview

XDBC (XML Database Connector) servers are defined at the group level and are accessible by all hosts within the group. Each XDBC server provides access to a specific forest, and to a library (root) of XQuery programs that reside within a specified directory structure. Applications execute by default against the database that is connected to the XDBC server.

XDBC Servers allow XML Contentbase Connector (XCC) applications to communicate with MarkLogic Server. XCC is an API used to communicate with MarkLogic Server from Java middleware applications. XDBC servers also allow old-style XDBC applications to communicate with MarkLogic Server, although XDBC applications cannot use certain 3.1 and newer features (such as point-in-time queries). Both XCC and XDBC applications use the same wire protocol.

XQuery requests submitted via XCC return results as specified by the XQuery code. These results can include XML and a variety of other data types. It is the XCC application's responsibility to parse, process and interpret these results in a manner appropriate to the variety of data types available. There are a number of publicly available libraries for assisting with this task, or you may write your own code. In order to accept connections from XCC-enabled applications, MarkLogic Server must be configured with an XDBC Server listening on the designated port. Each XDBC Server connects by default to a specific database within MarkLogic Server, but XCC provides the ability to communicate with any database in the MarkLogic Server cluster to which your application connects (and for which you have the necessary permissions and privileges).

XDBC servers follow the MarkLogic Server security model, as do HTTP and WebDAV servers. The server authenticates access to those programs using user IDs and passwords stored in the security database for that XDBC server. (Each XDBC server is connected to a database, and each database is in turn connected to a security database in which security objects such as users are stored.)

Granular access control to the system and to the data is achieved through the use of privileges and permissions. For details on configuring security objects in MarkLogic Server, see “Security Administration” on page 339. For conceptual information on the MarkLogic Server security model, see Security Guide.

######### 8.2 Procedures for Creating and Managing XDBC ServersUse the following procedures to create and manage XDBC servers:

• Creating a New XDBC Server

Page 90

Page 91

Page 92

Page 93

Page 94

Page 95

Page 96

Page 97

Page 98

Note: Because users who have write permissions to the database on a WebDAV server can load documents into the database via a WebDAV client, be sure to configure appropriate default permissions on those users so that documents they load (for example, by dragging and dropping files into a WebDAV folder) have the needed permissions for other users to read and write, according to your security policy. You can achieve such granular access control to the system and to the data through the use of privileges and permissions. For information on using security features in MarkLogic Server, see “Security Administration” on page 339 and the chapters related to security in the Application Developer’s Guide.

######### 9.1.3 Directories

A WebDAV directory is analogous to a file system directory. A directory must exist in order to view (via a WebDAV client) any documents in that directory (just like in a filesystem, where you must navigate to a directory in order to access any files in that directory). Each document in a directory has a URI that includes the directory URI as a prefix. Also, each directory visible from a WebDAV server must have the WebDAV root as its prefix, and there must exist a directory with the WebDAV root in the database.

For example, if you have a WebDAV root of http://marklogic.com/, then the URI of all documents and all directories must begin with that root in order to be visible from a WebDAV client. Also, the directory with a URI http://marklogic.com/ must exist in the database. Therefore, a document with a URI of http://marklogic.com/file.xml is visible from this WebDAV server, and a directory with a URI of http://marklogic.com/dir/ is also visible. A directory with a URI of /dir/ and a document with a URI of /dir/file.xml is not visible from this server, however, because its URI does not begin with the WebDAV root.

The following sections describe further details about directories:

• Automatic Directory Creation in a Database Settings

• Properties and URIs of Directories

For more details on directories and properties, see the “Property Documents and Directories” chapter of the Application Developer’s Guide.

######### 9.1.3.1 Automatic Directory Creation in a Database Settings

In the configuration for a database in the Admin Interface, there is a directory creation setting. The directory creation setting specifies whether directories are created automatically when you create a document.

If you are using a WebDAV server to load documents into a database, we recommend you use the Admin Interface to set the directory creation setting for your database to automatic. If you create a WebDAV server that accesses a database with directory creation set to automatic, the root directory (required in order to access the database via a WebDAV client) is automatically created. Automatic directory creation also helps if you are loading documents manually (using the xdmp:document-load function, for example) whose URIs include directory hierarchies that do not exist in the database. Any directory implied by a URI is automatically created with directory creation set to automatic.

Page 99

Page 100

Note: It is possible to create a document with a URI that ends in a forward slash (/). To avoid confusion with directory URIs, the best practice is to avoid creating documents with URIs that end in a forward slash.

######### 9.1.4 Server Root Directory

Each WebDAV server has a concept of a root. The root is the top-level directory accessible from the server; you can access any documents or directories in the database that are children of the root. The root therefore serves as a prefix for all document and directory URIs accessible through the WebDAV server. You enter the WebDAV root in the Admin Interface. The root can be any valid URI. The root should always end with a forward slash (/), and if it does not, the Admin Interface will append one to the string provided.

The root should be a unique string that can serve as the top of a directory structure. It is common practice to use a WebDAV root of the form http:///, but that is not required. The following are some examples of WebDAV roots:

http://myCompany/marketing/ /myCompany/marketing/

Note: Directories cannot end in two forward slashes (//). Therefore, you cannot create a directory with a URI http://. If you specify a root of http://myCompany for a WebDAV server and directory creation is set to automatic in the database, a directory with the URI http://myCompany/ is automatically created in the database.

Whatever the root, any documents accessible through the WebDAV server must have URIs that begin with the root. Also, any documents created through a WebDAV client (for example, by dragging and dropping into a web folder) will be loaded with URIs beginning with the WebDAV root.

For example, a document with URI /myCompany/marketing/strategy.doc is accessible (given the necessary security permissions) via the WebDAV server with the root /myCompany/marketing/, and you can create that document by dragging a document named strategy.doc into a web folder configured to access the WebDAV server described above.

Note: When a WebDAV client accesses a WebDAV server whose database has directory creation set to automatic, if the WebDAV root directory does not exist in that database, it is automatically created. The directory is created with no permissions, so it will only be readable by users with the admin role. For other users to be able to use the WebDAV server, you should add appropriate read permissions to the directory (with xdmp:document-add-permissions, for example). For details on document and directory permissions, see Security Guide.

######### 9.1.5 Documents in a WebDAV Server

The main purpose of a WebDAV server is to make it easy for people to store, retrieve, and modify documents in a database. The documents can be any type, whether they are text documents such

as .txt files or source code, binary documents such as image files or Microsoft Word files, or XML documents. Because the documents are stored in a database, you can create applications that use the content in those documents for whatever purpose you need. You can also use the database backup and restore features to easily back up the content in the database.

Page 101

Page 102

Page 103

Page 104

Page 105

Page 106

Page 107

|WebDAV Client|How to Get It|Notes| |---|---|---| | | | | |Windows Explorer|Part of Windows 10 in many configurations|Allows drag and drop from Windows. For instructions on setting up, see “Steps to Connect to a Web Folder in Windows Explorer” on page 96. Some Windows clients require digest authentication.| |PerlDAV|http://www.webdav.org/perldav/

|A command line, perl-based WebDAV client. Designed to be scriptable and to allow you to send individual WebDAV calls.| |XML Spy|Altova Software (http:// www.altova.com/)

|Allows you to open, edit, and save XML files in XML Spy. Use the File > Open URL menu item in XML Spy.| |jEdit DAV plug-in|Available on developer.marklogic.com

|Allows you to view and edit database documents in jEdit 4.2. This version is available from developer.marklogic.com.

|

For detailed information on these clients, see the documentation accompanying these products.

Note: Directory and document names in WebDAV (and in MarkLogic Server databases) are case-sensitive, but some WebDAV clients (Windows Explorer, for example) are not case-sensitive. While Windows recognizes case, it treats the directory named NewFolder as the same directory as one named newFolder. Therefore, directory or document names that differ only in case might cause confusion when using Windows Explorer or other case-insensitive WebDAV clients. If possible, avoid assigning names to directories or documents that differ only by case (for example, NewFolder vs newFolder).

Note: Windows WebDAV clients will cause two transactions upon initial document creation: the first is a 0-length WebDAV PUT resulting in a new 0-length document, and the second is an update to the 0-length document. If you are using CPF (or other applications that use triggers), this will fire both the create trigger (when the initial 0-length document is created) and the update trigger (when the document is updated with its contents). When using Windows WebDAV clients with CPF applications, make sure that your CPF actions for create and update are designed to work correctly for this behavior. In most cases, having the same action for create and update will be sufficient, but in some cases, you might need to write an action that checks for a 0-length document and does something special with it.

######### 9.3.2 General Steps to Connect to a Server

Each WebDAV client has its own way of connecting to a WebDAV server, but the general steps to connect to a WebDAV server are as follows:

1. Start the WebDAV client.

2. Enter the connection information for the WebDAV server. This includes the servername and port number of the WebDAV server. For example, if you have a WebDAV server running on port 9001 on a machine named marklogic.myCompany.com, enter the following URL in the appropriate place for your WebDAV client:

Page 108

Page 109

Page 110

Page 111

Page 112

Page 113

Page 114

Page 115

Page 116

Page 117

Page 118

Page 119

Page 120

Page 121

Page 122

Page 123

Page 124

Page 125

Page 126

Page 127

Page 128

Page 129

Page 130

Page 131

Page 132

Page 133

Page 134

Page 135

Page 136

######### 13.1 Understanding Databases

A database in MarkLogic Server serves as a layer of abstraction between forests and HTTP, WebDAV, or XDBC servers. A database is made up of data forests that are configured on hosts within the same cluster but not necessarily in the same group. It enables a set of one or more forests to appear as a single contiguous set of content for query purposes. See “Understanding Forests” on page 321 for more detail on forests.

Multiple HTTP, XDBC, and WebDAV servers can be connected to the same database, allowing different applications to be deployed over a common content base. A database can also span forests that are configured on multiple hosts enabling data scalability through hardware expansion. To ensure database consistency, all forests that are attached to a database must be available in order for the database to be available.

Warning The system databases — Security, Schemas, Triggers, Modules, Extensions, Last-Login and App-Services — should all be single forest databases. For high availability, one or two replica forests can and should be configured. But there is no benefit to having multiple master forests in the database.

######### 13.1.1 Schemas and Security Databases

The installation process creates the following auxiliary databases by default - Documents, Last-Login, Schemas, Security, Modules, and Triggers. Every database points to a security database and a schema database. Security configuration information is stored in the security database and schemas are stored in the schemas database. A database can point back to itself for the security and schemas databases, storing the security information and schemas in the same repository as the documents. However, security objects created through the Admin Interface are stored in the Security database by default. MarkLogic recommends leaving databases connected to Security as their security database.

######### 13.1.2 Modules Database

The modules database is an auxiliary database that is used to store executable XQuery, JavaScript, and REST code. During installation, a database named Modules is created, but any database can be used as a modules database, as long as the HTTP or XDBC server is configured to use it as a modules database. Also, it is possible to use the same database to store executable modules, to store queryable documents, and/or to store triggers.

If you use a modules database, each executable document in the database must have the root (specified in the HTTP or XDBC server) as a prefix to its URI. Also, if you want to access the documents in the database via WebDAV, then it should have automatic directory creation enabled, because automatic directory creation is required for WebDAV. For information about directories and roots, see “Directories” on page 87 and “Server Root Directory” on page 88.

For example, if you are using a modules database and specify a root in an HTTP or XDBC server of http://marklogic.com/, the following documents are executable from that server:

http://marklogic.com/default.xqy http://marklogic.com/myXQueryFiles/search_db.xqy

but the following files are not executable (because they do not have URIs that start with the root):

Page 137

Page 138

Page 139

Page 140

|fast diacritic sensitive searches|Speeds up diacritic-sensitive searches by eliminating some false positive results.| |fast element word searches|Speeds up element-word searches by eliminating some false positive results.|

|Database Setting|Description| |---|---| | | | |element word positions|Index element word positions for faster element-based phrase and cts:near-query searches.| |fast element phrase searches|Speeds up element phrase searches by eliminating some false positive results.| |element value positions|Index element word positions for faster element-based phrase and cts:near-query searches that use cts:element-value-query.| |attribute value positions|Index attribute word positions for faster attribute-based phrase and cts:near-query searches that use cts:element-value-query and faster cts:element-query searches that use a cts:element-attribute-*-query.| |field value searches|Enables searches that use cts:field-value-query.| |field value positions|Enables positions for searches that use cts:field-value-query.| |three character searches|Enables wildcard searches where the search pattern contains three or more consecutive non-wildcard characters (for example, abc*x, *abc, a?bcd). When combined with a codepoint word lexicon, speeds the performance of any wildcard search (including searches with fewer than three consecutive non-wildcard characters). MarkLogic recommends combining the three character search index with a codepoint collation word lexicon. For more details about wildcard searches, see Understanding and Using Wildcard Searches in the Search Developer’s Guide.

| |three character word positions|Index word positions for three-character wildcard queries.| |fast element character searches|Enables wildcard searches and speeds up element-based wildcard searches. For more details about wildcard searches, see Understanding and Using Wildcard Searches in the Search Developer’s Guide.

| |trailing wildcard searches|Faster wildcard searches with the wildcard at the end of the search pattern (for example, abc*). For more details about wildcard searches, see Understanding and Using Wildcard Searches in the Search Developer’s Guide.

| |trailing wildcard word positions|Index word positions for trailing wildcard searches.| |fast element trailing wildcard searches|Faster wildcard searches with the wildcard at the end of the search pattern within a specific element, but slower document loads and larger database files.|

|Database Setting|Description| |---|---|

Page 141

| | | |word lexicon|Maintains a lexicon of all of the words in a database, with uniqueness determined by a specified collation. Additionally, works in combination with the three character search index to speed wildcard searches. For more details about wildcard searches, see Understanding and Using Wildcard Searches in the Search Developer’s Guide.

| |two character searches|Enables wildcard searches where the search pattern contains two or more consecutive non-wildcard characters (for example, ab*). This index is not needed if you have three character searches and a word lexicon. For more details about wildcard searches, see Understanding and Using Wildcard Searches in the Search Developer’s Guide.

| |one character searches|Enables wildcard searches where the search pattern contains a single non-wildcard characters (for example, a*). This index is not needed if you have three character searches and a word lexicon. For more details about wildcard searches, see Understanding and Using Wildcard Searches in the Search Developer’s Guide.

| |uri lexicon|Maintains a lexicon of all of the URIs used in a database. The URI lexicon speeds up queries that constrain on URIs. It is like a range index of all of the URIs in the database. To access values from the URI lexicon, use the cts:uris or cts:uri-match APIs.| |collection lexicon|Maintains a lexicon of all of the collection URIs used in a database. The collection lexicon speeds up queries that constrain on collections. It is like a range index of all of the collection URIs in the database. To access values from the collection lexicon, use the cts:collections or cts:collection-match APIs.|

######### 13.1.4.3 Rebalancer Settings

You can enable the database rebalancer to automatically distribute content evenly across forests in a database. The specifics of database rebalancing are described in “Database Rebalancing” on page 199.

|Database Setting|Description| |---|---| | | | |assignment policy|Specifies how documents are to be distributed across the database forests. Both the rebalancing process and the document load/insert process follow this policy. For details on the document assignment policies, see “Rebalancer Document Assignment Policies” on page 200.| |rebalancer enable|When set to true, the database rebalancer will automatically redistribute the content across the database forests. When set to false, rebalancing is disabled.| |rebalancer throttle|Sets the priority of system resources devoted to rebalancing. Higher numbers give rebalancing a higher priority.|

######### 13.1.4.4 Reindexing Settings

The reindexing settings enable or disable reindexing and allow you to force reindexing of older fragments.

Page 142

|Database Setting|Description| |---|---| | | | |reindexer enable|When set to true, index configuration changes automatically initiate a background reindexing operation on the entire database. When set to false, any new index settings take effect for future documents loaded into the database; existing documents retain the old settings until they are reloaded or until you set reindexer enable to true. For information on how the reindexer effects queries, see “Query Behavior with Reindex Settings Enabled and Disabled” on page 385.|

|Database Setting|Description| |---|---| | | | |reindexer throttle|Sets the priority of system resources devoted to reindexing. Higher numbers give reindexing a higher priority.| |reindexer timestamp|Specifies the timestamp of fragments to force a reindex/refragment operation. Click the get current timestamp button to enter the current system timestamp. When you set this parameter to a timestamp and reindex enable is set to true, it causes a reindex and refragment operation on all fragments in the database that have a timestamp equal to or less than the specified timestamp. Note that if you restore a database that has a timestamp set, if there are fragments in the restored content that are older than the specified content, they will start to reindex as soon as they are restored.|

######### 13.1.4.5 Document and Directory Settings

The document and directory settings affect the default settings for how documents and directories are created in the database.

|Database Setting|Description| |---|---| | | | |directory creation|Specifies if directories should be automatically created when a document is created. If you are using the database to store documents accessible via a WebDAV server or as a Modules database, this setting should be set to automatic. The following are the settings:

• automatic—directories are automatically created based on the URI of a document.
• manual-enforced—requires that the directory hierarchy corresponding to the URI exists before creating a document. If you create a document where the corresponding directory hierarchy does not exist, an error is raised. For example, if you try to create a document with the URI:

http://marklogic.com/file.xml then the directory with URI http://marklogic.com/ must exist. Otherwise, an error is raised. This setting provides the same behavior as a file system.

• manual—directories are not automatically created, but documents can still be created without corresponding directories.

For more information about directories, see “Directories” on page 87. For more information about Modules databases, see “Modules Database” on page 128.|

Page 143

|Database Setting|Description| |---|---| | | | |maintain last modified|Creates and updates the last-modified property each time a document is created or updated. The default is false.| |maintain directory last modified|Creates and updates the last-modified property on a directory each time a directory is created or updated. If set to true, update operations on documents in a directory will also update the directory last-modified timestamp, which can cause some contention when multiple documents in the directory are being updated. If your application is experiencing contention during these type of updates (for example, if you see deadlock-detected messages in the error log), set this property to false. The default is false.| |inherit permissions|When set to true, documents and directories automatically inherit permissions from their parent directory (if permissions are not set explicitly when creating the document or directory). If there are any default permissions on the user who is creating the document or directory, those permissions are combined with any inherited permissions.| |inherit collections|When set to true, documents and directories automatically inherit collection settings from their parent directory (if collections are not set explicitly when creating the document or directory). If there are any default collections on the user who is creating the document or directory, those permissions are combined with any inherited collections.| |inherit quality|When set to true, documents and directories automatically inherit any quality settings from their parent directory (if quality is not set explicitly when creating the document or directory).|

######### 13.1.4.6 Memory and Journal Settings

The memory and journal settings are automatically configured at installation time. The memory settings configure the memory limits for the system, and the journal settings control the transactional journal, used for recovery if a database transaction fails. The default settings should be sufficient for most systems. Depending on the system workload, setting the memory settings incorrectly can adversely affect performance; if you need to change the settings and you have an active maintenance contract, you can contact MarkLogic Support for help.

|Database Setting|Description| |---|---| | | | |in memory limit|The maximum number of fragments in an in-memory stand. An in-memory stand contains the latest version of any new or changed fragments. Periodically, in-memory stands are written to disk as a new stand in the forest. Also, if a stand accumulates a number of fragments beyond this limit, it is automatically saved to disk by a background thread.| |in memory list size|The size, in megabytes, of the in-memory list storage.| |in memory tree size|The size, in megabytes, of the in-memory tree storage. The in memory tree size should be at least 1 or 2 megabytes larger than the largest text or small binary document you plan on loading into the database. The largest small binary file size is always constrained by the “large size threshold” database configuration setting.| |in memory range index size|The size, in megabytes, of the in-memory range index storage.| |in memory reverse index size|The size, in megabytes, of the in-memory reverse index storage.|

Page 144

|in memory triple index size|The size, in megabytes, of the in-memory triple index storage.| |large size threshold|Determines the size, in kilobytes, beyond which large binary documents are stored in the Large Data Directory instead of directly in a stand. Binaries smaller than or equal to the threshold are considered small binary files and stored in stands. Binaries larger the threshold are considered large binary files and stored in the Large Data Directory.|

|Database Setting|Description| |---|---| | | | |locking|Specifies how robust transaction locking should be. When set to strict, locking enforces mutual exclusion on existing documents and on new documents. When set to fast, locking enforces mutual exclusion on existing and new documents. Instead of locking all the forests on new documents, it uses a hash function to select one forest to lock. In general, this is faster than strict. However, for a short period of time after a new forest is added, some of the transactions need to be retried internally. When set to off, locking does not enforce mutual exclusion on existing documents or on new documents; only use this setting if you are sure all documents you are loading are new (a new bulk load, for example), otherwise you might create duplicate URIs in the database.| |journaling|Specifies how robust transaction journaling should be. When set to strict, the journal protects against MarkLogic Server process failures, host operating system kernel failures, and host hardware failures. When set to fast, the journal protects against MarkLogic Server process failures but not against host operating system kernel failures or host hardware failures. When set to off, the journal does not protect against MarkLogic Server process failures, host operating system kernel failures, or host hardware failures.| |journal size|The size, in megabytes, of each journal file. The system uses journal files for recovery operations if a transaction fails to complete successfully. The default value should be sufficient for most systems; it is calculated at database configuration time based on the size of your system. If you change the other memory settings, however, the journal size should equal the sum of the in memory list size and the in memory tree size. Additionally, you should add space to the journal size if you use range indexes (particularly if you use a lot of range indexes or have extremely large range indexes), as range index data can take up journal space. Also, if your transactions span multiple forests, you may also need to add journal size, as each journal must keep the lock information for all of the documents in the transaction, not just for the documents that reside in the forest in which the journal exists.

When you change the journal size, the next time the system creates a new journal, it will use the new size limit; existing journals will continue to use the old size limit until they are replaced with new ones (for example, when a journal fills up, when a forest is cleared, or when the system is cleanly shutdown and restarted).| |preallocate journals|As of 8.0-4, this setting has no effect.|

|Database Setting|Description| |---|---| | | | |preload mapped data|Specifies whether memory mapped data (for example, range indexes and word lexicons) is loaded into memory when a forest is mounted to the database. Preloading the memory mapped data improves query performance, but uses more memory, especially if you have a lot of range indexes and/or lexicons. Also, it will cause a lot of disk I/O at database startup time, slowing the system performance during the time the mapped data is read into memory. If you do not preload the mapped data, it will be paged into memory dynamically when a query requests data that needs it, slowing the query response time.| |range index optimize|Specifies how range indexes are to be optimized. When set to facet-time, range indexes are optimized to minimize the amount of CPU time used. When set to memory-size, range indexes are optimized to minimize the amount of memory used.|

########## 13.1.4.7 Other SettingsThe following are the remaining database configuration options.

|Database Setting|Description|

Page 145

|---|---| | | | |position list max size|The maximum size, in megabytes, of the position list portion of the index for a given term. If the position list size for a given term grows larger than the limit specified, then the position information for that term is discarded. The default value is 128, the minimum value is 1, and the maximum value is 512. For example, position queries (cts:near-query) for frequently occurring words that have reached this limit (words like a, an, the, and so on) are resolved without using the indexes. Even though those types of words are resolved without using the indexes, this limit helps improve performance by making the indexes smaller and more efficient in relation to the content actually loaded in the database.| |format compatibility|Specifies the version compatibility that MarkLogic Server applies to the indexes for this database during request evaluation. Setting this to a value other than automatic specifies that all forest data has the specified on-disk format, and it disables the automatic checking for index compatibility information. The automatic detection occurs during database startup and after any database configuration changes, and can take some time and system resources for very large forests and for very large clusters. The default value of automatic is recommended for most installations.|

|Database Setting|Description| |---|---| | | | |index detection|Specifies whether to auto-detect index compatibility between the content and the current database settings. This detection occurs during database startup and after any database configuration changes, and can take some time and system resources for very large forests and for very large clusters. Setting this to none also causes queries to use the current database index settings, even if some settings have not completed reindexing. The default value of automatic is recommended for most installations.| |expunge locks|Specifies if MarkLogic Server will automatically expunge any lock fragments created using xdmp:lock-acquire with specified timeouts. If you set this to automatic, the lock fragments will be cleaned up as they expire. With The default setting of none, the locks will remain in the database after the locks expire (although they will no longer be locking any documents) until they are explicitly removed with xdmp:lock-release.| |tf normalization|Specifies whether to use the default term-frequency normalization (scaled-log), which scales the term frequency based on the size of the document, or to use the unscaled-log, which uses term frequency as a function of the actual term frequency in a document, regardless of the document size, or to choose an intermediate level of scaling with lower impact than the default document size-based scaling.|

######### 13.1.4.8 Merge Control Settings

The merge control settings allow you to control when merges occur, set merge parameters, and set up blackout periods where you do not want merges to occur. You can access the merge control settings by clicking the Admin Interface menu item for Database > db_name > Merge Controls. Use caution when adjusting the merge parameters or using merge blackouts, as merges are necessary for optimal database performance. For explanations of the merge control settings and more details on controlling merges, see “Understanding and Controlling Database Merges” on page 181.

######### 13.1.5 Example of Databases in MarkLogic Server

This section provides an example which demonstrates the concept of a database and the relationships between a database, a host and a forest in MarkLogic Server.

In the diagram below, Hosts D1, D2 and D3 belong to the Data-Nodes Group.

Page 146

Page 147

Page 148

Page 149

Page 150

Page 151

Page 152

Page 153

Page 154

Page 155

Page 156

By default, all element content (all text node children of elements) is included in word queries. If you decide to include and/or exclude any elements from word queries, there are rules that govern which non-specified elements are indexed and which are not. The rules are based on inheriting the include state from the parent element. For example, if the parent element is marked as an included element (and is therefore indexed and evaluated for word query), then its children, if they do not appear on the exclude list, are also included.

Note: If you configure word query exclusions then MarkLogic may not use word positions, even if it is enabled. For example, MarkLogic will not use word positions for resolution of queries such as cts:element-word-query or cts.jsonPropertyWordQuery resolution in positional contexts such as a near query. This can lead to false positives. You can use xdmp:plan or cts.plan to determine whether word positions are being used.

When MarkLogic Server determines which elements to include/exclude, it walks the XML tree using the following rules:

1. Start at the root node of the document.

2. If the root node is included (either because it is explicitly included or because include document root is set to true), MarkLogic Server includes the immediate text node children of the document root element and then moves to its element children. If the root node is excluded, the text nodes are not included and MarkLogic Server moves down the XML tree to its element children.

3. If the parent element (the root element in this case) was included, MarkLogic Server keeps walking down the tree and including the text node children until it encounters an explicitly excluded element.

4. If the parent element (the root element in this case) was not included, MarkLogic Server keeps walking down the tree, not including the text node children, until it encounters an explicitly included element.

5. MarkLogic Server keeps walking down the tree, including or not according to the state inherited from the parent element, until it encounters the next included element (if it is in the not included state) or excluded element (if it is in the included state).

6. During this process, when an element is encountered that is neither included nor excluded, it inherits the included state (not included or included) from the parent element.

7. MarkLogic Server keeps walking down the XML tree using this logic to determine its included state, until it reaches the end of the document.

The only way to guarantee an element’s text node children will be included (assuming you have any elements included and/or excluded) is to add it to the included list, and the only way to guarantee an element is not included is to add it to the excluded list.

The following figure shows what is included for two configurations, one with the root node included and one with the root node excluded. Note that the includes and excludes are the same. The lines below the element names represent the text nodes, and the yes/no indicates whether the content in the text nodes is included in word queries. The root represents the rode node of an XML structure, with elements A and B included and elements C and D excluded. Elements that are not explicitly included or excluded (for example, E, F, and Z) inherit from their parents.

Root: Included

Page 157

Page 158

Page 159

Page 160

Page 161

Page 162

yes

The lines indicate text nodes, Yes is included, No is excluded

Notice that the Z node, which is not explicitly included or excluded, sometimes is included and sometimes is not included, depending on the include state of its parent element.

######### 14.1.3 Adding a Weight to Boost or Lower the Relevance of an IncludedElement

When you include an element, one of the options is to add a weight to the included element specification. When you add a weight, all text in this element (including any text in all text node descendants of the element) are weighted by the specified value, changing the relevance at query time. Specifying a weight greater than 1.0 will boost scores and a weight lower than 1.0 will lower scores for matches within the element.

When you specify a weight, the term frequency for any tokens in that element (including tokens in descendant text nodes) is multiplied by that number. This happens during document load, update, or reindexing. For example, if you specify a weight of 2.0, each term will have a term frequency of 2.0, making it as if each term appeared twice (for score calculation purposes). Similarly, if you specify a weight of 0.5, each term will have a term frequency of 0.5.

Note: Because the weight boosting affects term frequency, it will only affect relevance orders for scoring algorithms that include term frequency (for example, logtf/idf or logtf); scoring algorithms that do not consider weight will not be affected by these weights (for example, score-simple).

Adding a weight is useful to boost or lower scores on searches where the match occurs in a given element. For example, if you want matches in TITLE elements to contribute more towards the relevancy score than matches in other elements, you can specify a weight of 2.0 for the TITLE element. Conversely, if you want matches in TITLE elements to contribute less to the relevancy score than matches in other elements, you can specify a weight of 0.5 for the TITLE element. For details on how relevance is calculated, see the chapter Composing cts:query Expressions in the Search Developer’s Guide.

######### 14.1.4 Specifying An Attribute Value for an Included Element

When you include an element, one of the options is to specify an attribute value. This option allows you to only include elements with a particular attribute/value pair. The attribute/value pair acts as a predicate on which to constrain the content. For example, consider the following XML snippet:

some text here some more text here some other text here some different text here other text here still other text here

For the element chapter, if you specify the attribute/value pair of class and history, then only the following elements will be included:

Page 163

Page 164

Page 165

Page 166

Field query is similar to word query (in its default configuration, with everything included), but instead of querying everything in the database, fields query only what is configured for the specified field. Fields have their own set of indexes, independent of the database indexes. Because fields have their own indexes, and a field is typically a small subset of the whole database, querying a field is often more efficient than querying those same XML element or JSON properties directly (with cts:word-query, for example).

Also, because fields have their own sets of indexes, relevance for fields is calculated based on the content in the field, not based on all of the content in the database. This provides finer-grain relevance for field searches than for other searches.

You can use fields to create portions of the content that you might want to query as a single unit. Additionally, you can configure a field with indexing options over and above the ones configured in the database. For example, consider a database containing many technical articles, each article containing a brief abstract. You might want to build an application that allows greater capabilities for searching through the abstracts than for searching through the rest of the articles. Assume your

main content does not have wildcard indexes, but you want to be able to search through the abstracts using wildcard searches. You can create a field on the abstract, and then add wildcard indexes to that field. Because the field represents only a relatively small percentage of the content, the relative cost of the extra indexing is small.

Indexing of JSON and XML content differs slightly. This introduces differences in the behavior of field value queries and field range queries over the two types of content. For details, see How Field Queries Differ Between JSON and XML in the Application Developer’s Guide.

######### 15.2 Understanding Field Configurations

Field search of words and phrases in MarkLogic Server is based on the query constructor cts:field-word-query. You can control the behavior of these field searches by changing the database configuration for the field you query. You can exclude and/or include elements from path and root fields, and you can add extra indexing options for some elements. This section describes the options available in the configuration and includes the following parts:

• Overview of Field Configuration Options

• Root and Path Fields

• Metadata Fields

• Understanding the Index Option Configuration

Page 167

Page 168

Page 169

Page 170

Page 171

Page 172

Page 173

Page 174

Page 175

Page 176

Page 177

Page 178

Page 179

Page 180

Page 181

Page 182

Page 183

Page 184

Page 185

Page 186

Page 187

Page 188

Page 189

Page 190

Page 191

Page 192

Page 193

• Dangers of Disabling Merges

• Merges Will Change Scores

######### 16.1.1 Dynamic and Self-Tuning

Merges are a way of self-tuning the performance of the system, and MarkLogic Server continuously assesses the state of each database to see if it would benefit from self-tuning through a merge. In most cases, the default merge settings and the dynamic nature of merges will keep the database tuned optimally at all times. Because merges can be resource intensive (both disk I/O and CPU), however, some DBAs might need to control when merges occur and/or when they do not occur. You can do that by setting your merge policy as appropriate for your environment, as described in “Setting Merge Policy” on page 183.

Dynamic and self-tuning, merges are a “good thing”; they not only reclaim disk space, but improve the query and search performance of the system. Databases are made up of one or more forests, and forests are made up of one or more stands. The more stands there are in a forest, the more time it takes to resolve a query. Merges reduce the number of stands in each forest in a database, thereby improving the time it takes to resolve queries.

######### 16.1.2 What Happens During a Merge

A database consists of one or more forests, and each forest consists of one or more stands. Each stand consists of one or more fragments. When a document is updated, new versions of all of the fragments associated with the document update are created in a new stand. Any old versions of the fragment remain in the old stand with a system timestamp that lets MarkLogic Server know that they are old versions of the fragments. Similarly, when a document is deleted, its fragments remain in the old stand with a system timestamp that lets MarkLogic Server know that they are old versions of the fragments.

Merges occur to move any unchanged fragments from an old stand into a new stand, deleting any old versions of fragments (including deleted fragments), thereby freeing up disk space and compacting the usable fragments so they are all together on disk. Additionally, merges combine index data for all of the fragments in a stand, thereby optimizing the indexes. Merges are a normal part of database operation, and they ensure that the system continues to perform at its best as updates and deletes occur.

To summarize, as part of merging, the following occurs:

• Multiple stands are combined into one for improved performance.

• Disk space is reclaimed.

• Indexes and lexicons are combined and re-optimized based on their new size. The result is a database that is smaller and can resolve queries much faster than before the merge.

Page 194

######### 16.1.3 Dangers of Disabling Merges

MarkLogic Server is designed to periodically merge. It is dangerous to leave merges disabled on a database when there are any updates occurring to the system. While disabling merges might eliminate some contention for resources during periods where merges and other requests are simultaneously occurring on the system, the performance of MarkLogic Server will degrade over time if merges are not allowed to proceed when changes (inserts, updates, deletes) are made to the database.

Furthermore, disabling or eliminating merging may eventually lead to a condition in which the server is unable to make changes to the database. For example, when an in-memory stands fills up, it is written to an on-disk stand. MarkLogic Server has a fixed limit for the maximum number of stands (64), and eventually, that limit will occur and you will no longer be able to update your system. Therefore, there is no control available to disable merges. If you feel you need to disable merges and you have an active maintenance contract, you can contact MarkLogic Technical Support for help.

In most cases where merges are causing disruptions to your system, you should be able to adjust the merge policy parameters to settings that will work in your environment. If you feel you need to disable merges and you have an active maintenance contract, you can contact MarkLogic Technical Support for help. Monitor the system and make sure the number of stands per forest does not grow too high. For details on setting merge controls, see “Description of Merge Policy Parameters” on page 184 and “Configuring Merge Policy Rules” on page 193.

In some cases, especially in environments with many forests and constantly changing content across many of the forests, an alternative to disabling merges is to set one or more forests to be delete-only. For details, see “Making a Forest Delete-Only” on page 326.

######### 16.1.4 Merges Will Change Scores

When a database merges, it deletes old fragments that exist in the database, therefore changing (making it smaller) the total number of fragments in the database. Because the number of fragments in the database is used in determining the score for a cts:search operation, merges will have an impact on search scores, which in turn might impact the order of search results (which are ordered by relevance score).

The amount of impact that merges have on scores is dependent on how many old versions of fragments there are waiting to be merged, the content of the old fragments, and the overall size of the database. For large databases with relatively little amount of change, the difference in the scores will be very small. For smaller databases with large amount of change, the differences in scores can be significant before and after a merge completes.

16.2 Setting Merge Policy This section describes the tools you can use to control merges, and has the following parts:

• Overview of the Merge Policy Controls

Page 195

Page 196

Page 197

############ The following table describes the settings available on Merge Policy page.

|Database Setting|Description| |---|---| | | | |merge priority|Specifies the CPU scheduler priority at which merges should run. The settings are:

• normal specifies the same CPU scheduler priority as for requests.
• lower specifies a lower CPU scheduler priority than for requests.

Merges always run with normal priority on forests with more than 16 stands.| |merge max size|The maximum size, in megabytes, of a stand that will result from a merge. If a stand grows beyond the specified size, it will not be merged. If two stands would be larger than the specified size if merged, they will not be merged together. If you set this to smaller sizes, large merges (which may require more disk and CPU resources) will be prevented. The default is 48 GB (49152 MB), which is recommended because it provides a good balance between keeping the number of stands low and preventing very large merges from using large amounts of disk space. Set this to 0 to allow any sized stand to merge. Use care when setting this to a non-zero value lower than the default value, as this can prevent merges which are ultimately required for the system to maintain performance levels and to allow optimized updates to the system.| |merge min size|The minimum number of fragments that a stand can contain. Two or more stands with fewer than this number of fragments are automatically merged.| |merge min ratio|A positive integer indicating the minimum ratio between the number of fragments in a stand and the number of fragments in all of the other smaller stands (that is stands with fewer fragments) in the forest. Stands with a fragment count below this ratio relative to all smaller stands are automatically merged with the smaller stands. For an example, see “If You Want to Reduce the Number of ‘Large’ Merges” on page 194.|

|Database Setting|Description| |---|---| | | | |merge timestamp|The timestamp stored on merged stands. This is used for point-in-time queries, and determines when space occupied by deleted fragments and old versions of fragments may be reclaimed by the database. If a fragment is deleted or updated at a time after the merge timestamp, then the old version of the fragment is retained for use in point-in-time queries. Set this to 0 (the default) to let the system reclaim the maximum amount of disk space during merge activities. A setting of 0 will remove all deleted and updated fragments when a merge occurs. Set this to 1 before loading or updating any content to create a complete archive of the changes to the database over time. Set this to the current timestamp to preserve all versions of content from this point on. Set this to a negative number to specify a window of timestamp values, relative to the last merge, at ten million ticks per second. The timestamp is a number maintained by MarkLogic Server that increments every time a change occurs in any of the databases in a system (including configuration changes from any host in a cluster). To set to the current timestamp, click the current timestamp button; the timestamp is displayed in red until you press OK to activate the timestamp for future merges. For details on point-in-time queries, see the Application Developer’s Guide.

Click Get Current Timestamp to return the current merge timestamp.| |retain until backup|Specify whether the deleted fragments are retained since the last full or incremental backup. When enabled, retain until backup supersedes merge timestamp. Deleted fragments are not merged until backups are finished, regardless of the merge timestamp setting. Enabling retain until backup is same to setting the merge timestamp to the timestamp of the last backup. For more information, see “Incremental Backup with Journal Archiving” on page 262.| |merge blackout periods|Specify times when merges are disabled. To specify a merge blackout period, click the Create tab and specify when you want the blackout to occur. You can make it a recurring blackout period, or specify a one-time blackout period. Use caution when setting large blackout periods when there are significant updates occurring on the system; merges are a normal part of the self-tuning mechanism of the database, and disabling them completely or for long periods of time can cause performance degradation.|

######### 16.3 Blackout Periods for Merges

Although merges are a normal part of system behavior, there are times when it is inconvenient for a merge to start. Merge blackout periods allow you to specify times when a merge should not begin. This section describes merge blackouts and includes the following parts:

Page 198

Page 199

Page 200

Page 201

2006-04-20 13:43:11.151 Info: Merging /var/opt/MarkLogic/Forests/bill/ 00000004 and /var/opt/MarkLogic/Forests/bill/00000005 to /var/opt/ MarkLogic/Forests/bill/00000006 2006-04-20 13:43:15.726 Debug: OnDiskStand /var/opt/MarkLogic/Forests/ bill/00000006, disk=47MB, memory=20MB 2006-04-20 13:43:15.726 Info: Merged 81 MB in 4 s at 20 MB/s to /var/ opt/MarkLogic/Forests/bill/00000006 2006-04-20 13:43:15.806 Debug: ~OnDiskStand /var/opt/MarkLogic/

Forests/bill/00000004 2006-04-20 13:43:15.806 Debug: ~OnDiskStand /var/opt/MarkLogic/

Forests/bill/00000005 2006-04-20 13:43:15.859 Info: Deleted /var/opt/MarkLogic/Forests/bill/ 000000042006-04-20 13:43:15.894 Info: Deleted /var/opt/MarkLogic/ Forests/bill/00000005

If you cancel a merge, you will see an message similar to the following in the ErrorLog.txt file:

2006-05-08 17:45:44.027 Error: PooledThread::run: XDMP-CANCELED: Canceled merge of stands: 13419435601900621379, 6182944041533805976 to: C:\Program Files\MarkLogic\Data\Forests\bill\0000009a

By examining the ErrorLog.txt file, you can determine when a merge started, when it completed, which stands where merged together, what stand they were merged into, the size of the merge, and other useful information.

Note: There must be sufficient disk space on the file system in which the forest data is stored for a merge to complete successfully; if a merge runs out of disk space, it will fail with an error message. Also, there must be sufficient disk space on the file system in which the log files reside to log any activity on the system. If there is no space left on the log file device, MarkLogic Server will abort. Additionally, if there is no disk space available to add messages to the log files, MarkLogic Server will fail to start.

16.6.2 Database Status Page You can access the Database Status page by clicking the Databases > db_name link in the tree menu, then clicking the Status tab in the Admin Interface. The Database Status page lists the merge state, which indicates if a merge is going on, shows the size of the merge, and estimates how long it will take the merge to complete. Additionally, the Database Status page includes a link to cancel the current merge (for details, see “Cancelling a Merge” on page 192).

During a merge, the merge rates are reported, as shown below. The rate reported in the Merging status is the merge rate of all merges on the forest, averaged over the last few seconds. The Merge Reads and Writes reported in the Rates status are the merge rates for the current merge, averaged over the entire duration of that merge.

![image 66](admin_images/imageFile66.png)

16.7 Explicit Merge Commands This section describes how to manually perform the following operations:

Page 202

Page 203

Page 204

######### 16.8.1 Determine the Baseline for Your Merges

The merge characteristics of your system depend on many factors, including the size of your forests, the amount of update activity on the system, and the way your data is fragmented. If you feel you need to change the configuration of your merges, the first step is to determine the merge characteristics for your database. This requires running your system under normal loads, then analyzing the log files to determine the following about your merges:

• average size of the merges

• average frequency of the merges

• average time it takes for the merges to complete

If it turns out that your merges are never taking more than a few minutes to complete, then there is probably no need to change any of your settings.

######### 16.8.2 If You Want to Reduce the Number of ‘Large’ Merges

In most cases, MarkLogic Server will perform relatively small merges just often enough to keep the system properly optimized. Small merges are generally not very disruptive and reasonably fast. In some cases, however, you might find that your merges are too large and are taking too much time. Exactly how large constitutes a “Large” merge is difficult to measure, but if you determine that your merges are too large, then you might want to try and configure your settings to avoid a really large merge.

One way to avoid large merges is to set the merge max size value. If you do set this value, however, you should only set it to a value as a temporary way to control your maximum merge size, as it can lead to a state where the database really needs to perform a large merge but cannot. Such a situation can lead to a poorly optimized system. One way to think about large merges is to compare them to sleeping for people; a person can go without much sleep for relatively short periods of time (a day or two or maybe even three for some people), but eventually, the person needs sleep or else he begins to function extremely poorly. Similarly, if a database is growing, it will eventually need to perform a large merge. Also, be careful not to set merge max size to such a small value that you end up with a very large number of stands. Always use care when setting the merge max size value, as you might end up with a large number of stands in your database, which can cause it to perform poorly and, when it reaches the maximum number of stands (64), will cause it to go offline.

Another way to accomplish a goal of reducing the number of large merges is to lower the value for merge min ratio to 1. A value of 1 for merge min ratio will not stop large merges from happening, but will make large merges only occur when the number of fragments in your largest stand is equal to the number of fragments in all of the other stands combined. Therefore, the only time merges will be more than 1/2 the size of your forest is when the fragment count of the sum of all but the largest stand is equal to or greater than the fragment count of the largest stand. To illustrate this, consider a forest with the following scenario:

If the merge min ratio is set to 1, then a stand can merge if the following ratio is less than 1:

of fragments in a stand total # of fragments in all other smaller stands in the forest

Page 205

Page 206

Page 207

Page 208

Page 209

Page 210

Page 211

Page 212

Page 213

Page 214

Page 215

Page 216

Page 217

Page 218

Page 219

Note: Avoid using the range policy to manage documents that might have more than one

value for a range index, as the behavior in such a circumstance is undefined.

There may be multiple forests that cover the same range, but two forests cannot have partially overlapped ranges. For example, it is valid for both ForestA and ForestB to cover (1 to 10) but not valid for ForestA to cover (1 to 6) while ForestB covers (4 to 10). It is also not valid for ForestA to cover (1 to 10) while ForestB covers (4 to 9). Among those forests that cover the same range, documents are assigned to the forests based on their document count, following a similar mapping process as the statistical policy described in “Statistical Assignment Policy” on page 203.

Note: In order to accommodate range “gaps” and documents that do not contain an element used as the partition key, you should always configure a default forest, as described below.

If a document has been processed by the Content Processing Framework (CPF), the property documents associated with the document may have a partition key value that is different from that in the document. When using the range policy, you may want to use the xdmp:document-add-properties or xdmp:document-set-properties function to put the same partition key value as specified in the document into the property documents to ensure that they are moved to the same forest as the original document. For example, the partition key is creation-date and the example.xml document has a creation-date of 2010-01-02, but its associated property documents contain no creation-date element. You could then use the xdmp:document-add-properties function as follows to add a matching creation-date element to the example.xml property documents.

xdmp:document-add-properties( "example.xml", (2010-01-02))

A forest with no range value behaves as the default forest, which means that documents that do not fit into any of the ranges set on the other forests are moved to the default forest. You cannot retire a forest unless there is another forest for the documents to move to, which means that there must either be another forest with the same range as the retired forest or that there is a default forest (no range set) attached to the database. If a database contains no default forest, an attempt to retire a forest containing documents with partition key values that do not match the ranges in the other forests will not be successful.

Note: You should always define a default forest when configuring the range assignment

policy.

For example, as shown in the figure below, you have documents that are organized into 6 volumes and each document contains a element that indicates when that document was created. You can create an element range index, named creation-date, of type date and identify creation-date as the partition key for the range policy. If you have four forests, you can set the lower bound of the range on the ForestA to 2010-01-02 and the upper bound to 2011-01-01; on

ForestB, the lower bound to 2011-01-02 and the upper bound to 2012-01-01, and on ForestC, the lower bound to 2012-01-02 and the upper bound to 2013-04-01. The fourth forest, ForestD, is designated as the default forest by not specifying a range. Any documents that have dates that fall outside of the date ranges set for the other forests and directed to the default forest.

Page 220

Page 221

Page 222

Page 223

| |When creating a query partition, you assign it a partition number. Unlike range partitions, queries set for partitions using the query assignment policy can have “overlaps,” but, in the event of an overlap, the partition with lower number is selected before partitions with higher numbers.

Note: As is the case with range assignment policy, you should always define a default

partition when configuring the query assignment policy.

The following is an example of query assignment policy setup. MD and AD are elements in the documents.|When creating a query partition, you assign it a partition number. Unlike range partitions, queries set for partitions using the query assignment policy can have “overlaps,” but, in the event of an overlap, the partition with lower number is selected before partitions with higher numbers.

Note: As is the case with range assignment policy, you should always define a default

partition when configuring the query assignment policy.

The following is an example of query assignment policy setup. MD and AD are elements in the documents.|When creating a query partition, you assign it a partition number. Unlike range partitions, queries set for partitions using the query assignment policy can have “overlaps,” but, in the event of an overlap, the partition with lower number is selected before partitions with higher numbers.

Note: As is the case with range assignment policy, you should always define a default

partition when configuring the query assignment policy.

The following is an example of query assignment policy setup. MD and AD are elements in the documents.|When creating a query partition, you assign it a partition number. Unlike range partitions, queries set for partitions using the query assignment policy can have “overlaps,” but, in the event of an overlap, the partition with lower number is selected before partitions with higher numbers.

Note: As is the case with range assignment policy, you should always define a default

partition when configuring the query assignment policy.

The following is an example of query assignment policy setup. MD and AD are elements in the documents.|When creating a query partition, you assign it a partition number. Unlike range partitions, queries set for partitions using the query assignment policy can have “overlaps,” but, in the event of an overlap, the partition with lower number is selected before partitions with higher numbers.

Note: As is the case with range assignment policy, you should always define a default

partition when configuring the query assignment policy.

The following is an example of query assignment policy setup. MD and AD are elements in the documents.| |---|---|---|---|---|---| |P

N|rtition ame|Tier1|Tier2|Tier3|Tier4| |Pa Nu|tition ber|1|2|3|4| |Qu|ry|(Termination eq yes) OR (Source eq "Hiring" AND MD > 30 days) OR (Source eq "CFO" AND MD > 30 days)|(Source eq "Hiring" AND MD <= 30 days AND MD > 1 year) OR (Source eq "CFO" AND MD <= 30 days AND MD > 60 days) OR (Source eq "Benefits" AND AD > 1 year)|(Source eq "Hiring" AND MD <= 1 year AND MD > 3 years) OR (Source eq "CFO" AND MD <= 60 days) OR (Source eq "Benefits" AND AD <= 1 year)|(Source eq "Hiring" AND MD <= 3 years)| |De|ault|Yes|No|No|No| | |There is only one cts:query per partition. When the query assignment policy is used, the following rules are used for document insert:

• The partition number is used for priority. If there is more than one query that match the document, the partition with the lower partition number is used.
• If none of the queries matches the document, the default partition is used.
• If there is no default partition, the forests without a partition number are used.
• Otherwise, it is an error.

Among the forests in a partition, the documents are assigned to the forests using the statistical assignment policy.|There is only one cts:query per partition. When the query assignment policy is used, the following rules are used for document insert:

• The partition number is used for priority. If there is more than one query that match the document, the partition with the lower partition number is used.
• If none of the queries matches the document, the default partition is used.
• If there is no default partition, the forests without a partition number are used.
• Otherwise, it is an error.

Among the forests in a partition, the documents are assigned to the forests using the statistical assignment policy.|There is only one cts:query per partition. When the query assignment policy is used, the following rules are used for document insert:

• The partition number is used for priority. If there is more than one query that match the document, the partition with the lower partition number is used.
• If none of the queries matches the document, the default partition is used.
• If there is no default partition, the forests without a partition number are used.
• Otherwise, it is an error.

Among the forests in a partition, the documents are assigned to the forests using the statistical assignment policy.|There is only one cts:query per partition. When the query assignment policy is used, the following rules are used for document insert:

• The partition number is used for priority. If there is more than one query that match the document, the partition with the lower partition number is used.
• If none of the queries matches the document, the default partition is used.
• If there is no default partition, the forests without a partition number are used.
• Otherwise, it is an error.

Among the forests in a partition, the documents are assigned to the forests using the statistical assignment policy.|There is only one cts:query per partition. When the query assignment policy is used, the following rules are used for document insert:

• The partition number is used for priority. If there is more than one query that match the document, the partition with the lower partition number is used.
• If none of the queries matches the document, the default partition is used.
• If there is no default partition, the forests without a partition number are used.
• Otherwise, it is an error.

Among the forests in a partition, the documents are assigned to the forests using the statistical assignment policy.|

The query requires the proper indexes to be configured in the database. The complexity of the query affects the performance of insert and rebalancing. Therefore slow queries such as those with wildcard matching are not recommended.

See “Setting the Query Assignment Policy for the Query Partition” on page 231 for details on how to set the query assignment policy.

######### 17.3.6 Legacy Assignment Policy

After upgrading to MarkLogic 7.0 or a later version, existing databases will be configured with the rebalancer disabled and the legacy assignment policy. This is to preserve the expected behavior when new documents are loaded into the database.

Note: Under most circumstances you would not use the legacy policy when the database rebalancer is enabled. The segment policy, described in “Segment Assignment Policy” on page 202, is generally preferred over the legacy policy.

The legacy policy uses the URI of a document to decide which forest the document should be assigned to. The mapping from a URI to a forest uses the same algorithm as the one used on older releases of MarkLogic Server.

For example, as shown in the figure below, a new forest, ForestD, is added to the database that already has three forests: ForestA, ForestB, and ForestC, each contains 400 documents because the document URIs allow for even distribution of them among the forests. The data is rebalanced as follows:

Page 224

Page 225

Page 226

Page 227

Page 228

Page 229

Page 230

Page 231

Page 232

Page 233

Page 234

Page 235

Page 236

Page 237

Page 238

Page 239

Page 240

Page 241

Page 242

Page 243

Page 244

Page 245

Page 246

Page 247

Page 248

Page 249

Page 250

Page 251

Page 252

Page 253

Page 254

Page 255

Page 256

Page 257

Page 258

Page 259

Page 260

Page 261

Page 262

Page 263

Page 264

Page 265

Page 266

Page 267

Page 268

Page 269

Page 270

Page 271

Page 272

Page 273

Page 274

Page 275

Page 276

Page 277

Page 278

Page 279

Page 280

Page 281

Page 282

Page 283

Page 284

Page 285

Page 286

Page 287

Page 288

Page 289

Page 290

Page 291

The validation phase is where the backup directories are checked to make sure that all of the needed files exist and that all of the needed backup directories exist and are writable. For backup operations, they are checked for sufficient disk space. For restore operations, the configuration files are read and the other backup files are checked to make sure they appear to be valid. The validation phase does not actually write any data and is completely asynchronous.

######### 20.1.5.2 Copy Phase

The copy phase is where the files are actually copied to or from the backup directory. The configuration files are copied at the beginning of the backup operation, and at this point a timestamp is written to the BackupTag.txt file. The copy phase might take a significant amount of time, depending on the size of the database. The start of the copy phase starts a transaction; if the transaction fails on a restore operation, the database remains unchanged from its original state.

######### 20.1.5.3 Synchronization Phase

During a backup or restore operation, the synchronization phase is where cleanup tasks such as deleting temporary files takes place, leaving the database in a consistent state. During a restore operation, the synchronization phase also takes the old version of the database offline and replaces it with the newly restored version.

Note: Any “cold” administrative tasks (tasks that require a server restart) will cause any backup or restore operations to fail. Do not perform any “cold” administrative tasks during a backup or restore operation. For a list of “hot” and “cold” operations, see “Appendix A: ‘Hot’ versus ‘Cold’ Admin Tasks” on page 465.

######### 20.1.6 Notes about Backup and Restore Operations

This section provides notes and restrictions about backing up and restoring MarkLogic Server databases.

• For backing and restoring a database with encryption, see Backup and Restore in the Security Guide.

• The backup files are platform specific—backups on a given platform should only be restored onto the same platform. This is true for both database and forest backups.

• You can restore an individual forest using a database backup by unchecking all forests except the one you want to restore on the Confirm Restore screen (see step 11 in “Restoring a Database without Journal Archiving” on page 272).

• We recommend using the database-level backup/restore, not the forest-level backup/restore. If you do use the forest-level backup/restore, note that you cannot restore a backup created with the forest-level backup as a database-level restore operation; forest-level backups created with the forest backup/restore utility must be restored from the forest restore utility. For details, see “Restoring a Forest” on page 333.

Page 292

• The restore operation is designed to restore into a database that has the same configuration settings as the one that was backed up, but it neither requires nor checks that the configurations are the same. The restore operation must occur on a database that has its configuration defined. Also, the restore operation does not change the database configuration files. Because the configuration files hold all of the database configuration information such as index options, fragmentation, range indexes, and so on, the restored database will take on the configuration information of the database to which it is restored. If this configuration information is different from the database that was backed up, and if reindexing is enabled, the database will reindex to the new configuration after the restore completes.

• If a database’s backup is canceled, the in-flight backup is deleted. A database backup can be canceled by clicking the cancel button for the backup in the host status page in the Admin Interface, by the host or cluster being restarted (either from the Admin Interface or from the xdmp:restart command), or by errors in the backup (such as out-of-disk space errors). The process of deleting the in-flight backup during a clean restart might take some time, which can increase the time it takes to restart MarkLogic Server. If you are restarting using the startup scripts (/sbin/service MarkLogic )on UNIX systems and the control panel on Windows systems), then the script will delete as much of the backup as it can in 20 seconds; if any backup is in-flight during these types of system shutdown or restart operations, then you should manually remove them after the operation.

• After you restore from an incremental backup, you can’t use the previous full backup location for ongoing incremental backups. You will need to make a fresh full backup after the restore and use that full backup location for the ongoing incremental backups. This means that after the restore of an incremental backup, any scheduled backups will need to be updated to use the new full backup location.

######### 20.2 Backing Up Databases with Journal Archiving

The backup/restore operations with journal archiving enabled provide a point-in-time recovery option that enables you to restore database changes to a specific point in time between full backups with the input of a wall clock time. When journal archiving is enabled, journal frames are written to backup directories by near synchronously streaming frames from the current active journal of each forest.

Note: When you create scheduled backups with journal archiving enabled, and then later delete the backup, it does not stop journal archiving from occuring even though the backups stop happening. The xdmp:stop-journal-archiving function must be to explicitly called to stop journal archiving.

When journal archiving is enabled, you will experience longer restore times and slightly increased system load as a result of the streaming of journal frames.

![image 88](admin_images/imageFile88.png)

Note: Journal archiving can only be enabled at the time of a full backup. If you restore a backup and want to reenable journal archiving, you must perform a full backup at that time.

When journal archiving is enabled, you can set a lag limit value that specifies the amount of time (in seconds) in which frames being written to the forest's journal can differ from the frames being streamed to the backup journal. For example, if the lag limit is set to 30 seconds, the archived journal can lag behind a maximum of 30 seconds worth of transactions compared to the active journal. If the lag limit is exceeded, transactions are halted until the backup journal has caught up.

The active and backup journal are synchronized at least every 30 seconds. If the lag limit is less than 30 seconds, synchronization will be performed at least once in that period. If the lag limit is greater than 30 seconds, synchronization will be performed at least once every 30 seconds. The default lag limit is 15 seconds.

The decision on setting a lag limit time is determined by your Recovery Point Objective (RPO), which is the amount of data you can afford to lose in the event of a disaster. A low RPO means that you will restore the most data at the cost of performance, whereas a higher RPO means that you will potentially restore less data with the benefit of less impact to performance. In general, the lag limit you chose depends on the following factors:

Page 293

Page 294

Page 295

Page 296

Page 297

Page 298

Page 299

Page 300

Page 301

Page 302

Page 303

Page 304

Page 305

Page 306

• Restore data at a specific timestamp. Follow the procedure described in “Restoring to a Specific Timestamp” on page 280.

• Restore data at a specific timestamp based on the state of some sample documents. Follow the procedure described in “Restoring Based on Sample Documents” on page 281.

The following sections describe how to use the XQuery API to restore the database. You can also use the Admin Interface to accomplish some of the tasks.

Note: If you are using XA distributed transaction processing, a restore to a point in time may revive some XA transactions that were prepared before the target restore time, and committed/aborted after that time. For details on how to identify XA transactions, see Heuristically Completing a MarkLogic Server Transaction in the XCC Developer’s Guide

Note: You cannot roll back through a database clear operation, so you should check the

server logs for points in time that any clear operations occurred.

######### 20.6.4 Restoring from an Incremental Backup with Journal Archiving

To restore from an incremental backup, the server uses the base backup in the backup tag to get a series of incremental backups that lead to the full backup. The restore then starts with a full backup and restores using the incremental backups in reverse order. You need to specify the full backup directory and optionally the incremental backup directory. If no restore timestamp is specified, the server finds the latest backup from which to restore. Once you have completed this process, you can use journal archiving to restore the database to the current time.

If a restore timestamp is specified, the server finds a backup where the restore timestamp is between the minimum query timestamp and the backup timestamp. If no backup meets the requirement and there is a journal archive, the server finds the latest backup with backup timestamp smaller than the restored timestamp. It restores to that backup and then replays the journal to the restored timestamp.

If the journal archive exists, the server will find the backup timestamp of the last incremental backup and replay the journal starting from that timestamp.

Note: Once you restore from an incremental backup, you can no longer use the previous full backup location for ongoing incremental backups. After the restore, you need to make a fresh full backup and use that full backup location for the ongoing incremental backups. This means after the restore from an incremental backup, any scheduled backups will need to be updated to use the new full backup location. Using the old full backup location for incremental backup after a restore will cause an error.

This procedure describes how to restore a database to the current point in time using a full backup, one or more incremental backup, and journal archiving. You need to have a full backup using journal archiving and one or more incremental backups using journal archiving.

Page 307

Page 308

Page 309

Page 310

Page 311

Page 312

Page 313

Page 314

Page 315

Page 316

Page 317

Page 318

Page 319

Page 320

Page 321

Page 322

Page 323

Page 324

Page 325

Page 326

Page 327

Page 328

Page 329

Page 330

Page 331

Page 332

Page 333

Page 334

Page 335

Page 336

Page 337

Page 338

Page 339

Page 340

Page 341

Page 342

Page 343

Page 344

Page 345

Page 346

Page 347

Page 348

Page 349

Page 350

A forest also contains a separate on-disk Large Data Directory for storing large objects such as large binary documents. MarkLogic Server stores large objects separately to optimize memory usage, disk usage, and merge time. A small object is stored directly in a stand as a fragment. A large object is stored in a stand as a small reference fragment, with the full content stored in the Large Data Directory. The size threshold for storing objects in the Large Object Store and the location of the Large Object Store are configurable through the Admin Interface and Admin API. For details, see Working With Binary Documents in the Application Developer’s Guide.

By default, the operations allowed on a forest are: read, insert, update, and delete. You can control which operations are allowed on a forest by setting the following update types:

|Update Type|Description| |---|---| | | | |All|Read, insert, update, and delete operations are allowed on the forest.| |delete-only|Read and delete operations are allowed on the forest, but insert and update operations are not allowed unless a forest ID is specified, in which case it results in the document being moved to another forest. If you do not specify a forest ID when updating a document in a delete-only forest, the update throws an exception. This update type is useful when you want to eliminate the overhead imposed by the merge operation, but still allow transactions to delete data from the forest. See “Making a Forest Delete-Only” on page 326 for details.| |read-only

(Can only be set in Configure)|Read operations are allowed on the forest, but insert, update, and delete operations are not allowed. A transaction attempting to make changes to fragments in the forest will throw an exception. This update type is useful when you want to put your forests on read-only media and allow them to be queried. See “Making a Forest Read-Only” on page 327 for details.| |flash-backup

(Can only be set in Configure)|This type puts the forest in read-only mode without throwing exceptions on insert, update, or delete transactions, allowing the transactions to retry. This update type is useful when you want to temporarily quiesce a forest or to disable changes to the forest data when doing a flash backup of the forest. See “Making a Forest Read-Only” on page 327 for details.|

Note: To make the entire database read-only, set all of the forests in the database to

read-only.

23.2 Creating a Forest To create a new forest, complete the following procedure:

1. Click the Forests icon in the left tree menu.

Page 351

Page 352

Page 353

![image 132](admin_images/imageFile132.png)

Creating a forest is a “hot” admin task; the changes take effect immediately. However, toggling between update types restarts the forest.

######### 23.3 Making a Forest Delete-Only

You can configure a forest to only allow read and delete operations, disallowing inserts and updates to any documents stored in the forest. A delete-only forest is useful in cases where you have multiple forests in a database and you want to manage which forests change. To set a forest to only allow delete operations (and disallow inserts and updates), navigate to the configuration page for the forest you want specify as delete-only and set the updates allowed field to delete-only.

When a forest is set to delete-only, updates to documents in a delete-only forest that do not specify a forest ID will throw an exception. Updates to documents in a delete-only forest that specify one or more forest IDs of other forests in the database will result in the documents moving to one of those other forests. When a document moves forests, the old version of the document will be marked as deleted, and will be removed from the forest during the next merge.

To specify an update that will move a document in a delete-only forest to an updateable forest, you must specify the forest ID of at least one forest in which updates are allowed. One technique to accomplish this is to always specify all of the forest IDs, as in the following xdmp:document-insert example which lists all of the forests in the database for the $forest-ids parameter:

xdmp:document-insert($uri, $node, (), (), 0, xdmp:database-forests(xdmp:database()) )

Note: You can only move a document from a delete-only forest to a forest that allows updates using an API that takes forest IDs, and then by explicitly setting the forest IDs to include one or more forests that allow updates. The node-level update built-in functions (xdmp:node-replace, xdmp:node-insert-child, and so on) do not have a forest IDs parameter and therefore do not support moving documents.

Under normal operating circumstances, you likely will not need to set a forest to be delete-only. Additionally, even if the reindexer is enabled at the database level, documents in a forest that is set to delete-only will not be reindexed.

There are cases where delete-only forests are useful, however. One of the use cases for delete-only forests is if you have multiple forests and you want to control when some forests are merging. The best way to control merges in a forest is to not insert any new content in the forest. In this scenario, you can set some of the forests to be delete-only, and then those forests will not merge during that time (unless you manually specify a merge, either with the xdmp:merge API or by clicking the Merge button in the Admin Interface). After a while, you can rotate which forests are delete-only. For example, if you have four forests, you can make two of them delete-only for one day, and then make the other two delete-only the next day, switching the first two forest back to allowing updates. This approach will only have two forests being updated (and periodically merging) at a time, thus needing less disk space for merging. For more details about merges, see “Understanding and Controlling Database Merges” on page 181.

######### 23.4 Making a Forest Read-Only

You can configure an existing forest to only allow reads and to disallow inserts, updates and deletes to any documents stored in the forest.

Page 354

Page 355

Page 356

Page 357

Page 358

Page 359

Page 360

Page 361

Page 362

Page 363

Page 364

Page 365

Page 366

Page 367

Page 368

Page 369

Page 370

Page 371

Page 372

Page 373

Page 374

Page 375

Page 376

Page 377

Page 378

Page 379

Page 380

Page 381

Page 382

Page 383

Page 384

Page 385

Page 386

Page 387

Page 388

Page 389

Page 390

Page 391

Page 392

Page 393

Page 394

Page 395

|stemmed searches|Off (index is not built)|Controls whether searches return relevance ranked results by matching word stems. A word stem is the part of a word that is common to all of its inflected variants. For example, in English, "run" is the stem of "run", "runs", "ran", and "running". A stemmed search returns more matching results than the exact words specified in the query. A stemmed search for a word finds the same terms as an unstemmed search, plus terms that derive from the same meaning and part of speech as the search term. For example, a stemmed search for run returns results containing run, running, runs, and ran. For details on stemming, see the chapter Understanding and Using Stemmed Searches in the Search Developer’s Guide. There are three types of stemming: basic (one stem per word), advanced (one or more stems per word), and decompounding (advanced plus smaller component words of large compound words). Without either this index or the word searches index, MarkLogic Server is unable to perform relevance ranking and will refuse to execute any cts:word-query()-related built-in function. If both the stemmed search and word search indexes are enabled, MarkLogic Server defaults to performing stemmed searches (unless an unstemmed search is explicitly specified). Turn this index off if you want to disable stemmed searches. If word and stemmed search indexes are both off, then full-text searches are effectively disabled.

| |word searches (unstemmed)|On (index is built)|Enables MarkLogic Server to return relevance ranked results which match exact words in text elements. Either this index or the stemmed search index is needed for MarkLogic Server to execute any cts:word-query()-related function. For many applications, keeping this word search index off and the stemmed search index on is sufficient to return the desired results for queries. Turn this index on if you want to do exact word-only matches. If word and stemmed search indexes are both off, then full-text searches are effectively disabled.|

|Index|Default Setting|Description| |---|---|---| | | | | |word positions|Off (index is not built)|Speeds up the performance of proximity queries that use the cts:near-query function and of multi-word phrase searches. Turn this index off if you are not interested in proximity queries or phrase searches and if you want to conserve disk space and decrease loading time. If you turn this option on, you might find that you no longer need fast phrase searches, as they have some overlapping functionality.| |fast phrase searches|On (index is built)|Accelerates phrase searches by building additional indexes that describe sequences of words at load (or reindex) time. Without this index, MarkLogic Server will still perform phrase searches, just more slowly. Turn this index off if only a small percentage of your queries will contain phrase searches, and if conserving disk space and enhancing load speed is more important than the performance of those queries.| |fast case sensitive searches|On (index is built)|Accelerates case sensitive searches by building both case sensitive and case insensitive indexes at load time. Without this index, MarkLogic Server will still perform case sensitive searches, just more slowly. Turn this index off if only a small percentage of your text searches will be case sensitive, and if conserving disk space and enhancing load speed is more important than the performance of those queries.| |fast reverse searches|Off (index is not built)|Speeds up reverse query searches by indexing stored queries. Turn this option on to speed up searches that use cts:reverse-query.| |fast diacritic sensitive searches|On (index is built)|Speeds up diacritic-sensitive searches by eliminating some false positive results. Turn this option off if you do not want to do diacritic-sensitive searches.| |fast element word searches|On (index is built)|Accelerates searches that look for words in specific elements by building additional indexes at load time. Without this index, MarkLogic Server will still perform these searches, just more slowly. Turn this index off if only a small percentage of your queries rely on finding words within specific document elements, and if conserving disk space and enhancing load speed is more important than the performance of those queries.|

|Index|Default Setting|Description| |---|---|---| | | | | |element word positions|Off (index is not built)|Speeds up the performance of proximity queries that use the cts:near-query function in an element and of multi-word element phrase searches. Turn this index off if you are not interested in proximity queries and if you want to conserve disk space and decrease loading time.| |fast element phrase searches|On (index is built)|Accelerates phrase searches on elements by building additional indexes that describe sequences of words in elements at load (or reindex) time. Without this index, MarkLogic Server will still perform phrase searches, just more slowly. Turn this index off if only a small percentage of your queries will contain phrase searches at the element level, and if conserving disk space and enhancing load speed is more important than the performance of those queries.| |element value positions|Off (index is not built)|Speeds up the performance of proximity queries that use the cts:element-value-query function. Turn this index off if you are not interested in proximity queries and if you want to conserve disk space and decrease loading time.| |attribute value positions|Off (index is not built)|Speeds up the performance of proximity queries that use the cts:element-attribute-value-query function and speeds up cts:element-query searches that us attribute query constructors. Turn this index off if you are not interested in proximity queries and if you want to conserve disk space and decrease loading time.| |field value searches|Off (index is not built)|Speeds up the performance of field value searches that use the cts:field-value-query function. Without this index or the corresponding index on the field definition, queries that use cts:field-value-query will throw an exception. Turn this index off if you are not interested in field value queries and if you want to conserve disk space and decrease loading time.|

Page 396

|field value positions|Off (index is not built)|Speeds up the performance of proximity queries that use the cts:field-value-query function. Turn this index off if you are not interested in proximity queries and if you want to conserve disk space and decrease loading time.|

|Index|Default Setting|Description| |---|---|---| | | | | |trailing wildcard searches|Off (index is not built)|Speeds up wildcard searches where the search pattern contains the wildcard character at the end (for example, abc*). Turn this index on to speed up wildcard searches that match a trailing wildcard. The trailing wildcard search index uses roughly the same space as the three character searches index, but is more efficient for trailing wildcard queries. It does not speed up queries where the wildcard character is at the beginning of the term.| |trailing wildcard word positions|Off (index is not built)|Speeds up the performance proximity queries that use trailing-wildcard word searches, such as wildcard queries that use the cts:near-query function and multi-word phrase searches that contain one or more wildcard terms. Turn this index on if you are using trailing wildcard searches and proximity queries together in the same search.| |fast element trailing wildcard searches|Off (index is not built)|Faster wildcard searches with the wildcard at the end of the search pattern within a specific element, but slower document loads and larger database files.| |three character searches|Off (index is not built)|Speeds up wildcard searches where the search pattern contains three or more consecutive non-wildcard characters (for example, abc*x, *abc, a?bcd). When combined with a codepoint word lexicon, speeds the performance of any wildcard search (including searches with fewer than three consecutive non-wildcard characters). MarkLogic recommends combining the three character search index with a codepoint collation word lexicon. For details on wildcard characters, see Understanding and Using Wildcard Searches in the Application Developer’s Guide. When character indexing is turned on, performance is also improved for fn:contains(), fn:matches(), fn:starts-with() and fn:ends-with() for most query expressions. Turn this index on if you want to enable wildcard searches that match three or more characters. If you need wildcard searches to match only two or one characters, then you should enable two character searches and/or one character searches.

| |three character word positions|Off (index is not built)|Speeds up the performance of proximity queries that use three-character word searches, such as queries that use the cts:near-query function and multi-word phrase searches that contain one or more wildcard terms. Turn this index on if you are using wildcard searches and proximity queries together in the same search.|

|Index|Default Setting|Description| |---|---|---| | | | | |two character searches|Off (index is not built)|Enables wildcard searches where the search pattern contains two or more consecutive non-wildcard characters. For details on wildcard characters, see Understanding and Using Wildcard Searches in the

Application Developer’s Guide. When character indexing is turned on in the database, the system also delivers higher performance for fn:contains(), fn:matches(), fn:starts-with() and fn:ends-with() for most query expressions. Turn this index on to speed up wildcard searches that match two or more characters (for example, ab*). This index is not needed if you have three character searches and a word lexicon.| |one character searches|Off (index is not built)|Speeds up wildcard searches where the search pattern contains only a single non-wildcard character. For details on wildcard characters, see Understanding and Using Wildcard Searches in the Application Developer’s Guide. When character indexing is turned on in the database, the system also delivers higher performance for fn:contains(), fn:matches(), fn:starts-with() and fn:ends-with() for most query expressions. Turn this index on if you want to enable wildcard searches that match one or more characters (for example, a*). This index is not needed if you have three character searches and a word lexicon.

| |fast element character searches|Off (index is not built)|Turn this index on to improve performance of wildcard searches that query specific XML elements or JSON properties. Also, speeds up element-based wildcard searches. Turn this index on to improve performance of wildcard searches that query specific elements. For details on wildcard characters, see Understanding and Using Wildcard Searches in the Application Developer’s Guide.

|

|Index|Default Setting|Description| |---|---|---|

Page 397

| | | | |word lexicons|Off (index is not built)|Maintains a lexicon of all of the words in a database, with uniqueness determined by a specified collation. For details on lexicons, see “Range Indexes and Lexicons” on page 389 and the chapter on lexicons in the Application Developer’s Guide. For details on collations, see the Language Support in MarkLogic Server chapter in the Search Developer’s Guide.

Speeds up wildcard searches. Works in combination with any other available wildcard indexes to improve search index resolution and performance. When used in conjunction with the three character search index, improves wildcard index resolution and speeds up

wildcard searches. If you have three character search and a word lexicon enabled for a database, then there is no need for either the one character or two character search indexes. For best performance, the word lexicon should be in the codepoint collation (http://marklogic.com/collation/codepoint). For details on wildcard searches, see the chapter on wildcard searches in the Application Developer’s Guide.| |uri lexicon|On (index is built)|Maintains a lexicon of all of the URIs used in a database. The URI lexicon speeds up queries that constrain on URIs. It is like a range index of all of the URIs in the database. To access values from the URI lexicon, use the cts:uris or cts:uri-match APIs.| |collection lexicon|On (index is built)|Maintains a lexicon of all of the collection URIs used in a database. The collection lexicon speeds up queries that constrain on collections. It is like a range index of all of the collection URIs in the database. To access values from the collection lexicon, use the cts:collections or cts:collection-match APIs.|

25.1.2 Viewing Text Index Configuration To view text index configuration for a particular database, complete the following procedure:

1. Click on the Databases icon on the left tree menu.

2. Locate the database for which you want to view text index configuration settings, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to view the settings.

############ 4. Scroll down until the text index settings are visible. The following screen shots show thedefault configuration of text indexing for a database:

![image 158](admin_images/imageFile158.png)

![image 159](admin_images/imageFile159.png)

![image 160](admin_images/imageFile160.png)

25.1.3 Configuring Text Indexes To configure text indexes for a particular database, complete the following procedure:

Page 398

Page 399

Page 400

Page 401

Page 402

• Deleting a Phrasing or Element-Word-Query Setting
######### 25.2.3.1 Viewing Phrasing and Element-Word-Query Settings
To view element-word-query-through, phrase-through, and phrase-around settings for a particular database, complete the following procedure in the Admin Interface:
1. Click on the Databases icon on the left tree menu.

2. Locate the database for which you want to view element-word-query-through, phrase-through, or phrase-around settings, either in the tree menu or in the Database Summary table.
3. Click the name of the database for which you want to view the settings.

4. Click the Element-Word-Query-Throughs, Phrase-Throughs, or Phrase-Arounds icon, depending on which one you want to view.

5. The configuration page displays.
The following example shows that the Documents database has been configured with a number of phrase-through elements, including the , , , ,
and
elements of the XHTML namespace:
![image 161](admin_images/imageFile161.png)
######### 25.2.3.2 Configuring Phrasing and Element-Word-Query Settings

Page 403

To configure element-word-query-through, phrase-through, and phrase-around settings for a particular database, perform the following procedure in the Admin Interface:
1. Click the Databases icon in the left tree menu.

2. Locate the database for which you want to configure element-word-query-through, phrase-through, or phrase-around settings, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to configure the settings.

4. Click the Element-Word-Query-Throughs, Phrase-Throughs, or Phrase-Arounds icon, depending on which one you want to configure.
Note: The remainder of this procedure will assume that you have chosen to configure phrase-through settings. If you wish to configure phrase-around or element-word-query-through settings, the steps are completely analogous, once you have clicked on the corresponding icon.
5. Click the Create tab at the top right. The Phrase-Throughs Configuration page displays:

6. Enter the namespace URI of the XML element that you are specifying as a phrase-through element.
Every XML element is associated with a namespace. For the phrase-through setting to be precise, you must specify the namespace of the XML element. Leaving the namespace URI field blank specifies the universal unnamed namespace.
Alternatively, you can specify that the element is namespace independent by putting an asterisk (*) in the namespace URI field.
7. Enter the element name in the local name field.
The local name is the name of the XML element that you are specifying as a phrase-through element. If you want to specify more than one element that is associated with the specified namespace, you can provide a comma-separated list of element names.
8. To add more phrase-throughs, click the More Items button and repeat steps 6 and 7 for each phrase-through element as needed.

Page 404

9. Scroll to the top or bottom and click OK. The new phrase-through is added.
![image 162](admin_images/imageFile162.png)
Note: If you change the element-word-query-through, phrase-through, or phrase-around settings for a particular database after documents have already been loaded, you should reindex your existing data, either by setting the reindexer enable setting to true for that database or by reloading the data.
######### 25.2.3.3 Deleting a Phrasing or Element-Word-Query Setting
To delete an element-word-query-through, phrase-through, or phrase-around setting for a particular database, perform the following procedure in the Admin Interface:
1. Click the Databases icon in the left tree menu.

2. Locate the database for which you want to delete element-word-query-through, phrase-through, or phrase-around settings, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to delete the settings.

4. Click the Element-Word-Query-Throughs, Phrase-Throughs, or Phrase-Arounds icon, depending on which one you want to delete. The appropriate configuration page displays.

5. Scroll down to the element that you want to delete.

6. Click the Drop button next to the element that you want to delete. A confirmation message displays.

7. Confirm the delete operation and click OK. The Phrase-Through or Phrase-Around element is deleted from the database.
Note: If you change the element-word-query-through, phrase-through, or phrase-around settings for a particular database after documents have already been loaded, you should reindex your existing data, either by setting the reindexer enable setting to true for that database or by reloading the data.
######### 25.3 Query Behavior with Reindex Settings Enabled and Disabled

Page 405

When you load a document into a database, it is indexed based on the index settings at the time of the load. When you issue a query to a database, it is evaluated based on a consistent view of the index settings. This consistent view might not include all of the index features that are enabled in the database. This section describes the behavior of queries at various index-setting states of the database, and includes the following parts:
• Understanding the Reindexer Enable Settings
• Query Evaluation According to the Lowest Common Denominator
• Reindexing Does Not Apply to Point-In-Time Versions of Fragments
• Example Scenario
######### 25.3.1 Understanding the Reindexer Enable Settings
At the database level, you can enable or disable automatic reindexing by setting the reindexer enable setting to true or false for that database. When the reindexer is enabled, any index or fragment changes to the database settings will cause all documents in the database that are not indexed/fragmented according to the settings to initiate a reindex operation. Note the following about the database settings and the reindex operation:
• When reindexing is enabled, the reindex operation runs as a background task. You can set a higher or lower priority on the reindexing task by increasing or decreasing the setting of the reindexer throttle.

• Any new documents added to or updated in the database will get the new database settings. This is true both with reindexing enabled and with reindexing disabled.

• After changing index or fragmentation settings in a database, because new or modified documents get the new settings, the database can get into a state where some documents are indexed/fragmented differently from other documents in the database.

• After changing index or fragmentation settings in a database in which reindexing is enabled, the old documents are reindexed according to the new settings, but the new settings do not take effect for queries until the reindex operation has completed and all documents are indexed to the state matching the database settings.

• After changing index or fragmentation settings in a database in which reindexing is disabled, new and changed documents get the current settings, but queries will not take advantage of the new settings until all documents in the database match the database settings.

• Even if reindexing is disabled, when you add tokenizer overrides to a field, those tokenization changes take effect immediately, so all new queries against the field will use the new tokenization (even if it is indexed with the previous tokenization).

Page 406

######### 25.3.2 Query Evaluation According to the Lowest Common Denominator
When queries are evaluated, they use the index settings that are calculated for the database at a given time. The current index settings for a query are determined at the time of query evaluation, and are based on the lowest common denominator of (that is, the index/fragmentation settings that are the least of) the following:
• The index/fragmentation settings defined in the database configuration.

• The actual index/fragmentation of documents/fragments in the database.
At any given time, the current lowest common denominator is invalidated upon the following events:
• system startup

• a change to the database configuration settings

• when a reindexing operation completes
If the lowest common denominator is invalidated, it is recalculated the next time a query is issued against the database.
The net impact is that, when index/fragmentation settings have changed on a database after any data is loaded, queries cannot take advantage of the new settings until the new settings meet the lowest common denominator criteria. Depending on the types of index setting changes you make, this can cause queries that behaved one way before index settings were changed to behave differently after the changes. The next section provides a sample scenario to help illustrate this behavior.
######### 25.3.3 Reindexing Does Not Apply to Point-In-Time Versions ofFragments

Page 407

If you have set a merge timestamp on the database to retain older versions of fragments for point-in-time queries, the older versions of the fragments will retain the indexing properties of the
database at the time when they were updated. Because of this, reindexing a database that uses point-in-time queries can cause unpredictable query results. MarkLogic recommends that you do not reindex a database that has the merge timestamp parameter set to anything but 0. For details on point-in-time queries, see the “Point-In-Time Queries” chapter in the Application Developer’s Guide. For details on setting the merge timestamp parameter, see “Merges and Point-In-Time Queries” on page 189.
######### 25.3.4 Example Scenario
This section describes a simple scenario showing the effect of changing index settings on query behavior over time.
The following figure shows how changing the index settings can effect queries that initiate after index setting changes occur.
Time
| | | | | | | | | |---|---|---|---|---|---|---|---| | | | | | | | | |
T1 T2 T3 T4 T6 T7
T5
- stemming

Page 408

- 3-character
- reindex false

- disable 3-character
load doc1
query doc1
load doc2
query doc1, doc2
query doc1
query settings:
query settings: - stemming
query settings: - stemming

Page 409

- stemming

- 3-character
In this scenario, the query issued at time T3 sees the doc1 document with stemming and
3-character wildcard indexes enabled. Wildcard queries such as abc* will be successful. The same wildcard query at time T5, however, will not be successful, because the 3-character index (which is required for the abc* query) was disabled at time T4. Note that the document doc1 is actually indexed with 3-character and stemming, but the query at time T5 only is able to use the stemming index. At time T7, the database has doc1 indexed with both stemming and 3-character indexes, but doc2 only has the stemming index. With reindexing disabled, the query at T7 will use the lowest common denominator, which is in this case stemming.
##### 26.0 Range Indexes and Lexicons
MarkLogic Server allows you to create, at the database level, indexes and lexicons on elements and attributes according to their QNames. This chapter describes these range indexes and lexicons. The following sections are included:
• Understanding Range Indexes
• Using Range Indexes for Value Lexicons
• Understanding Word Lexicons
• Understanding Path Range Indexes
• Viewing Element Range Index Settings

Page 410

• Defining Element Range Indexes
• Viewing Attribute Range Index Settings
• Defining Attribute Range Indexes
• Viewing Path Range Index Settings
• Defining Namespace Prefixes Used in Path Range Indexes and Fields
• Defining Path Range Indexes
• Viewing Element Word Lexicon Settings
• Defining Element Word Lexicons
• Viewing Attribute Word Lexicon Settings
• Defining Attribute Word Lexicons
• Defining Value Lexicons
• Deleting Range Indexes or Lexicons

Page 411

• Defining Field Range Indexes
Additionally, you can create range indexes on fields, as described in “Creating a Range Index on a Field” on page 178.
This chapter describes how to use the Admin Interface to create range indexes and lexicons. For details on how to create range indexes programmatically, see Adding Indexes to a Database in the Scripting Administrative Tasks Guide.
######### 26.1 Understanding Range Indexes
This chapter describes the types of range indexes shown in the table below. There are also field range indexes, as described in “Creating a Range Index on a Field” on page 178.
|Type|Description| |---|---| | | | |Element range index|A range index on an XML element or JSON property.| |Attribute range index|A range index on an attribute in an XML element.| |Path range index|A range index on an XML element, XML attribute, or JSON property as defined by an XPath expression.| |Field range index|A range index on a field. For details, see “Fields Database Settings” on page 159.|
MarkLogic Server maintains a universal index for every database to rapidly search the text, structure, and combinations of the text and structure that are found within collections of XML and JSON documents.

Page 412

In some cases, however, XML and JSON documents can incorporate numeric or date information. Queries against these documents may include search conditions based on inequalities (for example, price < 100.00 or date ≥ thisQtr). Specifying range indexes for these elements, attributes, and/or JSON properties will substantially accelerate the evaluation of these queries.
Defining a range index also allows you to use the range query constructors (cts:element-range-query and cts:element-attribute-range-query) in cts:search operations, making it easy to compose complex range-query expressions to use in searches. For details, see the Using Range Queries in cts:query Expressions chapter in the Search Developer’s Guide.
Similarly, you can create range indexes of type xs:string. These indexes can accelerate the performance of queries that sort by the string values, and are also used for lexicon queries (see “Understanding Word Lexicons” on page 394).
If you specify a range index on an element, and if you have elements of that name that have complex content (for example, elements with child elements), the content is indexed based on a casting of the element to the specified type of the range index. For example, if you specify a range index of type xs:string on an element named h1, then the following element:
This is a bold title.
is indexed with the value of This is a bold title, which is the value returned by casting the h1 element to xs:string. The same type casting applies to range indexes on XML attributes, JSON properties, and fields. This behavior allows you to index complex content without pre-processing the content.
Also, range indexes can improve the performance of queries that sort the results using an order by clause and return a subset of the data (for example, the first ten items). For details on this order by optimization using range indexes, see Sorting Searches Using Range Indexes in the Query
Performance and Tuning Guide guide.
MarkLogic Server supports range indexes for both elements and attributes across a wide spectrum of XML data types. For the most part, this list conforms to the XML totally ordered data types:
|Type|Description| |---|---| | | | |int|Positive and negative integers| |unsignedInt|Positive integers (including 0)|

Page 414

|---|---| | | | |XML element|The element name, the namespace for the element, the data type of the values found in that element.| |XML attribute|The attribute name, the name of the attribute’s parent element, a namespace for the element, and the data type of the values found in that attribute.| |JSON property|The property name and the data type of the values found in that property.| |path|An XPath expression and the data type of the values found in the element, attribute, or JSON property expressed by the XPath.| |field|The field name and data type of the values in the field. You must also configure the field definition. For details, see “Configuring Fields” on page 167.|
Range indexes are populated during the document loading process, and are automatically kept in sync through subsequent updates to indexed data. Consequently, range indexes should be specified for a database before any XML or JSON documents containing the content to be indexed are loaded into that database. Otherwise, the content must be either reindexed or reloaded to take advantage of the new range indexes.
Use the element range index interfaces and APIs to create indexes for JSON documents. Some restrictions apply. For details, see Creating Indexes and Lexicons Over JSON Documents in the Application Developer’s Guide.
You can create the same type of index with a path range index as you can with an element or attribute range index. Path range indexes are useful in circumstances in which an element or attribute range index will not work. For example, you may have documents with the same element name appearing under different parent elements and you only want to index the elements appearing under one of the parent elements. In this case, a path range index is required to correctly index that element.
When creating a range index with a scalar type of string (xs:string), specify a collation as well as the element/attribute QNames or JSON property name. The collation specifies the unique ordering for the string values. You can have multiple range indexes on the same element, attribute, or JSON property with different collations; that is, the collation is part of the unique identifier for the string range index. For details about collations, see the Encodings and Collations chapter in the Search Developer’s Guide.
Because a range index stores typed data, if the data you load does not conform to that type, or if it cannot be coerced to conform to the specified type, it cannot be loaded into the document. For each range index, you can specify what to do for invalid values, either reject them and have the document load throw an exception and fail, or ignore them and log the coercion errors in the ErrorLog.txt file at Debug level. The default is to reject invalid data.
Range indexes use disk space and consume memory. That is the trade-off for improved performance. Additionally, if you have a large amount of range index data and if your system is updated regularly, you might need to increase the size of your journals. For details on the database journal settings, see “Memory and Journal Settings” on page 137.
######### 26.2 Using Range Indexes for Value Lexicons

Page 415

In addition to speeding up sorting and comparison queries, MarkLogic Server uses range indexes to resolve XML element, XML attribute, JSON property, and field value lexicon queries. These are queries that use the following search APIs:
• cts:values

• cts:value-match

• cts:element-attribute-values

• cts:element-attribute-value-match

• cts:element-values

• cts:element-value-match

• cts:field-values

• cts:field-value-match
The cts:values and cts:value-match functions work on any kind of range index and are equivalent to the corresponding index-specific function when called with a reference to the same type of index. For example, the following two function calls are equivalent:
cts:values(cts:element-reference(xs:QName("some-element"))) cts:element-values(xs:QName("some-element")
In order to use any of these APIs, you must create range indexes on the element(s), attribute(s), JSON property(s), or field(s) specified in the query. The type of the range index must match the type specified in the lexicon API.
For details about lexicons, see the Browsing With Lexicons chapter of the Search Developer’s Guide. For more details on the lexicon APIs, see the MarkLogic XQuery and XSLT Function Reference.
######### 26.3 Understanding Word Lexicons
MarkLogic Server allows you to create a word lexicon that is restricted to a particular XML element, XML attribute, JSON property, or field. You can also define a field word lexicon across a collation. A word lexicon stores all of the unique words that are stored in the specified element, attribute, or JSON property. The words are stored case-sensitive and diacritic sensitive, so the words Ford and ford would be separate entries in the lexicon.

Page 416

Word lexicons are used in wildcard searches (when wildcarding is enabled). For details, see Understanding and Using Wildcard Searches in the Search Developer’s Guide.
To use a word lexicon, use the following search APIs:
• cts:element-attribute-words

• cts:element-attribute-word-match

• cts:element-words

• cts:element-word-match

• cts:field-words

• cts:field-word-match

• cts:json-property-words

• cts:json-property-word-match
######### 26.4 Understanding Path Range Indexes
A path range index enables you to define a range index on an XML element, XML attribute, or JSON property using an XPath expression. A path range index can give you finer control over what is indexed. For example, if your content contains elements with the same name at multiple levels, but you only want to index one of them, you can use a path range index to target just that one.
This section describes the XPath expressions you can use to define a path range index. For performance reasons, MarkLogic Server restricts you to a subset of XPath when defining a path range index.
• Limitations on Index Path Expressions

Page 417

• Examples of Index Path Expressions
• Testing the Validity of an Index Path Expression
• Using Namespace Prefixes in Index Path Expressions
######### 26.4.1 Limitations on Index Path Expressions
You can only use subset of XPath for defining path range indexes. The limitations are described in Path Field and Path-Based Range Index Configuration in the XQuery and XSLT Reference Guide.
Note: Avoid creating multiple path indexes that end with the same element/attribute, as ingestion performance degrades with the number of path indexes that end in common element/attributes.
You can use cts:valid-index-path to test whether or not you can use an XPath expression to define a path range index. For details, see “Testing the Validity of an Index Path Expression” on page 396.
Note numbers, booleans, and nulls in JSON documents are indexed separately rather than all being treated as text. For details on constructing XPath expressions on JSON documents, see Traversing JSON Documents Using XPath in the Application Developer’s Guide.
######### 26.4.2 Examples of Index Path Expressions
The following table provides examples of XPath expressions that are valid and invalid for defining a path range index.
Note: Avoid creating multiple path indexes that end with the same element/attribute, as ingestion performance degrades with the number of path indexes that end in common element/attributes.

Page 418

|Valid|Invalid| |---|---| | | | |//a|./a| |/a/b/c|/a/b[c=/p/q]| |/a/b[c]|/a/b[c=5+3]| |/a/b[c=5 and b=3]| | |/a/b[1]| | |//a/b[c<5]| | |//a/b[c="test"]| | |/a/*/c| | |a/b| | |/a[./b]/c|/a[/b]/c| |a| |
|Valid|Invalid| |---|---| | | | |/a/(b|c)|/a/(/b|/c)| |/a/(b|c)|(/a/b/c)[2]| |author[first-name="John"][last-name="Smith"]| | |author[first-name="John" and last-name="Smith"]| |

Page 419

|author[first-name="John" or first-name="Sam"]| | |/a/b[.//c] /a/b[c]|/a/b/[./c] /a/b[//c] /a/b/[/a/b/c]| |/a/(./b | c)/d|/a/(/a/b | /a/c)/d| |/a/child::*/b|/a/parent::*/b| |/a[fn:matches(@expr, 'is')]|/a/ [fn:matches(fn:name(.),"Joe")]| |/a/fn:contains("this")|/a/ [fn:contains(fn:name(.),"Bob")]|
Namespace prefixes are permitted in all valid path expressions. Note that you can also use fn:matches and fn:contains as part of the path expression, but you cannot use other functions in the path expression. Use cts:valid-index-path to test if a path expression is valid for an index path.
######### 26.4.3 Testing the Validity of an Index Path Expression
You can use the XQuery function cts:valid-index-path to test whether or not an XPath expression can be used to define a path range index. To test validity, copy the following query into Query Console, modify it to use your path expression, and run it.
xquery version "1.0-ml"; cts:valid-index-path("/a/b", fn:true())
Use the second parameter to control whether or not to verify that namespace binding definitions are configured for namespace prefixes used in the path expression.
######### 26.4.4 Using Namespace Prefixes in Index Path Expressions
XML namespace prefixes are permitted in all valid path range index expressions, but you must define the namespace binding in your database configuration. For example, if your path expression is /ns:a/ns:b, you must configure a namespace binding for the prefix ns.
To pre-define a namespace binding, use the Path Namespaces configuration page for your database in the Admin Interface or the XQuery function admin:database-add-path-namespace.

Page 420

For details, see “Defining Path Range Indexes” on page 403.
######### 26.5 Viewing Element Range Index Settings
To view the element range indexes that will be applied to documents as they are loaded or reindexed, perform the following steps:
1. Click the Databases icon on the left tree menu.

2. Locate the database whose range index you want to view, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to view the range index.

4. Click the Element Range Indexes icon. The Element Index Configuration page displays.
########## 26.6 Defining Element Range IndexesTo define a range index for an XML element or JSON property, perform the following steps:
1. Click the Databases icon on the left tree menu.

2. Locate the database for which you want to create a range index, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to create a range index.

4. Click the Element Range Indexes icon in the tree menu, under the selected database.
5. Click the Add tab. The Add Range Indexes configuration page displays:

6. Select the type of the XML element or JSON property for which you want to build a range index.

Page 421

7. If the index is of type xs:string, a collation box appears with a default collation. If you want the index to use a different collation than the default, enter the collation URI. You can click the Collation Builder button for a wizard that constructs the collation URI for you based on the language and other parameters you enter. For details about collations, see the Language Support in MarkLogic Server chapter in the Search Developer’s Guide.
8. Enter the namespace URI of the XML element. Skip this step for a JSON property index.
Every XML element is associated with a namespace. For the description of the element to be precise, you must specify the namespace of the XML element. The asterisk (*) cannot be used to indicate namespace independence. Leaving the namespace URI field blank specifies the universal unnamed namespace.
9. Enter the element or JSON property name in the localname field.
![image 163](admin_images/imageFile163.png)
The local name is the name of the XML element to be indexed. If you have more than one element of the same type in the same namespace that you want to index, you can provide a comma-separated list of element names.
10. Choose whether to index range value positions for this index. Setting range value positions to true will speed the performance of searches that use cts:near-query and cts:element-query with this index, but will use more disk space than leaving the positions off (range value positions false).

11. In the invalid values field, choose whether to allow insertion of documents that contain elements or JSON properties on which range index is configured, but the value of those elements cannot be coerced to the index data type. It can be configured to either ignore or reject. By default server rejects insertion of such documents. However, if a user configures invalid values to ignore, these documents can be inserted. This setting does not change the behavior of queries on invalid values after documents are inserted in the database. Performing an operation on an invalid value at query time can still result in an error.

12. To add more indexes, click the More Items button and repeat step 6 through step 11 for each index as needed.
13. Scroll to the top or bottom and click OK.
The new element range index or element word lexicon is added to the database. These rules are applied to XML and JSON documents loaded into the specified database from this point on.
Note: If you have reindexing enabled for the database and you specify an element that exists in a document, reindexing will run in the background. When the reindexing is complete, the new index will become available to queries.

Page 422

######### 26.7 Viewing Attribute Range Index Settings
To view the attribute range indexes that will be applied to documents as they are loaded or reindexed, perform the following steps:
1. Click the Databases icon on the left tree menu.

2. Locate the database for which you want to view a range index, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to view a range index.

4. Click the Attribute Range Indexes icon in the tree menu, under the selected database. The Attribute Range Index Configuration page displays.
########## 26.8 Defining Attribute Range IndexesTo define a range index for an attribute of a particular element, perform the following steps:
1. Click the Databases icon on the left tree menu.
2. Locate the database for which you want to create an index, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to create an index.

4. Under the selected database, click the Attribute Range Indexes icon in the tree menu for an attribute range index.

5. Click the Add tab. The Add Attribute Range Indexes page displays:

6. Select the type of the XML attribute for which you want to build an attribute range index.

7. If the index is of type xs:string, a collation box appears with a default collation. If you want the index to use a different collation than the default, enter the collation URI. You can click the Collation Builder button for a wizard that constructs the collation URI for you based on the language and other parameters you enter. For details about collations, see the Language Support in MarkLogic Server chapter in the Search Developer’s Guide.

Page 423

![image 164](admin_images/imageFile164.png)
8. Enter the namespace URI of the XML element that contains the attribute you want to index into the parent namespace URI field.
Every XML element is associated with a namespace. For the description of the element to be precise, you must specify the namespace of the XML element. The asterisk (*) cannot be used to indicate namespace independence. Leaving the namespace URI field blank specifies the universal unnamed namespace.
9. Enter the element name in the parent localname field.
The local name is the name of the XML element that contains the attribute to be indexed. If you have more than one element in the same namespace that contains the attribute you want to index, you can provide a comma-separated list of element names.
10. Enter the namespace URI of the attribute that you want to index into the namespace URI field.
Every XML attribute is associated with a namespace. For the description of the attribute to be precise, you must specify the namespace of the XML attribute. The asterisk (*) cannot be used to indicate namespace independence. Leaving the namespace URI field blank specifies the universal unnamed namespace.
11. Enter the attribute name in the localname field.
The local name is the name of the XML attribute to be indexed. If you have more than one attribute in the same namespace within the specified parent element(s) that you want to index, you can provide a comma-separated list of attribute names.
12. Choose whether to index range value positions for this index. Setting the value to true will speed the performance of searches that use cts:near-query and cts:element-query with this index, but will use more disk space than leaving the positions off (range value positions false).

13. In the invalid values field, choose whether to allow insertion of documents that contain attributes on which range index is configured, but the value of those attributes cannot be coerced to the index data type. It can be configured to either ignore or reject. By default server rejects insertion of such documents. However, if a user configures invalid values to ignore, these documents can be inserted. This setting does not change the behavior of queries on invalid values after documents are inserted in the database. Performing an operation on an invalid value at query time can still result in an error.

14. To add more indexes, click the More Items button and repeat step 6 through step 13 for each attribute index as needed.

Page 424

15. Scroll to the top or bottom and click OK.
The new attribute index is added to the database. These rules are applied to XML documents loaded into the specified database from this point on.
Note: If you have reindexing enabled for the database and you specify an element-attribute pair that exists in a document, reindexing will run in the background. When the reindexing is complete, the new index will become available to queries.
######### 26.9 Viewing Path Range Index Settings
To view the path range indexes that will be applied to documents as they are loaded or reindexed, perform the following steps:
1. Click the Databases icon on the left tree menu.

2. Locate the database for which you want to view a range index, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to view a range index.

4. Click the Path Range Indexes icon in the tree menu, under the selected database. The Path Range Index Configuration page displays.
######### 26.10 Defining Namespace Prefixes Used in Path Range Indexes and Fields
When you define a path range index over XML documents and your path uses namespace prefixes, you must pre-define any namespace bindings used in the path expression. These namespace bindings can be used by multiple path range indexes.
To define a namespace binding, perform the following steps:

Page 425

1. Click the Databases icon on the left tree menu.

2. Locate the database for which you want to create a namespace prefix binding, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to create a namespace binding.

4. Click the Path Namespaces icon in the tree menu, under the selected database.
5. Click the Add tab. The Path Namespaces Configuration page displays:

6. In the Prefix field, enter the namespace prefix you intend to use for the element or attribute in the XPath expression in your path range index.

7. In the Namespace URI field, enter the namespace URI of the XML element or attribute in the XPath expression.

8. Click OK.
![image 165](admin_images/imageFile165.png)
26.11 Defining Path Range Indexes To define a range index expressed by an XPath expression, perform the following steps:
1. If you are creating a path range index over XML data, create bindings for any namespaces prefixes used in your index XPath expression. For details, see “Defining Namespace Prefixes Used in Path Range Indexes and Fields” on page 402.

2. Click the Databases icon on the left tree menu.

3. Locate the database for which you want to create a range index, either in the tree menu or in the Database Summary table.

4. Click the name of the database for which you want to create a range index.

5. Click the Path Range Indexes icon in the tree menu, under the selected database.

Page 426

6. Click the Add tab. The Path Range Index Configuration page displays:

7. Select the type of the XML element, XML attribute, or JSON property for which you want to build a range index.

8. If the index is of type xs:string, a collation box appears with a default collation. If you want the index to use a different collation than the default, enter the collation URI. You can click the Collation Builder button for a wizard that constructs the collation URI for you based on the language and other parameters you enter. For details about collations, see the Language Support in MarkLogic Server chapter in the Search Developer’s Guide.
9. Enter the XPath expression in the path expression field. For XML, you can use any namespace prefix you created in step 1. XPath expressions are summarized in XPath Quick Reference in the XQuery and XSLT Reference Guide. Not all XPath features are supported by path range indexes. For details, see “Understanding Path Range Indexes” on page 394.
Note: You can use the cts:valid-index-path function to test whether the path is
syntactically correct for use in a path range index.
Note: You cannot have a path span across a fragment root. Paths should be scoped within
fragment roots
10. Choose whether to index range value positions for this index. Setting the value to true will speed the performance of searches that use cts:near-query, cts:element-query, and
![image 166](admin_images/imageFile166.png)
cts:json-property-scope-query with this index, but will use more disk space than leaving the positions off (range value positions false).

11. In the invalid values field, choose whether to allow insertion of documents that contain XML elements, XML attributes, or JSON properties on which range index is configured, but the value of those elements, attributes, or properties cannot be coerced to the index data type. It can be configured to either ignore or reject. By default server rejects insertion of such documents. However, if a user configures invalid values to ignore, these documents can be inserted. This setting does not change the behavior of queries on invalid values after documents are inserted in the database. Performing an operation on an invalid value at query time can still result in an error.

12. To add more indexes, click the More Items button and repeat step 7 through step 11 for each index as needed.

Page 427

13. Scroll to the top or bottom and click OK.
The new path range index is added to the database. These rules are applied to XML or JSON documents loaded into the specified database from this point on.
Note: If you have reindexing enabled for the database and you specify an XML element, XML attribute, or JSON property that exists in a document, reindexing will run in the background. When the reindexing is complete, the new index will become available to queries.
Note: Once you have created a path range index, you cannot change the path expression. Instead, you must remove the existing path range index and create a new one with the updated path expression.
######### 26.12 Viewing Element Word Lexicon Settings
To view the lexicon that will be applied to documents as they are loaded or reindexed, perform the following steps:
1. Click the Databases icon on the left tree menu.

2. Locate the database whose range index or lexicon you want to view, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to view the lexicon.

4. Click the Element Word Lexicons icon. The Element Word Lexicon Configuration page displays.
26.13 Defining Element Word Lexicons To define a lexicon for an XML element or JSON property, perform the following steps:

Page 428

1. Click the Databases icon on the left tree menu.

2. Locate the database for which you want to create lexicon, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to create a lexicon.

4. Click the Element Word Lexicons icon in the tree menu, under the selected database.

5. Click the Add tab. The Element Word Lexicon Configuration page displays:

6. If you are defining a lexicon on an XML element, enter the namespace URI of the XML element.
![image 167](admin_images/imageFile167.png)
Every XML element is associated with a namespace. For the description of the element to be precise, you must specify the namespace of the XML element. The asterisk (*) cannot be used to indicate namespace independence. Leaving the namespace URI field blank specifies the universal unnamed namespace.
7. Enter the XML element or JSON property name in the localname field.
The local name is the name of the XML element or JSON property to be indexed. If you have more than one element of the same type in the same namespace that you want to index or more than one property name, you can provide a comma-separated list of names.
8. The collation box appears with a default collation. If you want the lexicon to use a different collation than the default, enter the collation URI. You can click the Collation Builder button for a wizard that constructs the collation URI for you based on the language and other parameters you enter. For details about collations, see the Language Support in MarkLogic Server chapter in the Search Developer’s Guide.
9. To add more word lexicons, click the More Items button and repeat step 6 through step 8 for each lexicon as needed.
10. Scroll to the top or bottom and click OK.

Page 429

The new range index or word lexicon is added to the database. These rules are applied to XML or JSON documents loaded into the specified database from this point on.
Note: If you have reindexing enabled for the database and you specify an element that exists in a document, reindexing will run in the background. When the reindexing is complete, the new index will become available to queries.
######### 26.14 Viewing Attribute Word Lexicon Settings
To view the lexicon that will be applied to documents as they are loaded or reindexed, perform the following steps:
1. Click the Databases icon on the left tree menu.

2. Locate the database for which you want to view a lexicon, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to view a lexicon.

4. Click the Attribute Word Lexicons icon in the tree menu, under the selected database. The Element-Attribute Word Lexicon page displays.
########## 26.15 Defining Attribute Word LexiconsTo define a lexicon for an attribute of a particular element, perform the following steps:
2. Locate the database for which you want to create a lexicon, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to create a lexicon.

4. Under the selected database, click the Attribute Word Lexicon icon.

5. Click the Add tab. The Element-Attribute Word Lexicon Configuration page displays:

6. Enter the namespace URI of the XML element that contains the attribute you want to index into the parent namespace URI field.
Every XML element is associated with a namespace. For the description of the element to be precise, you must specify the namespace of the XML element. The asterisk (*) cannot be used to indicate namespace independence. Leaving the namespace URI field blank specifies the universal unnamed namespace.

Page 430

7. Enter the element name in the parent localname field.
![image 168](admin_images/imageFile168.png)
The local name is the name of the XML element that contains the attribute to be indexed. If you have more than one element in the same namespace that contains the attribute you want to index, you can provide a comma-separated list of element names.
8. Enter the namespace URI of the attribute that you want to index into the namespace URI field.
Every XML attribute is associated with a namespace. For the description of the attribute to be precise, you must specify the namespace of the XML attribute. The asterisk (*) cannot be used to indicate namespace independence. Leaving the namespace URI field blank specifies the universal unnamed namespace.
9. Enter the attribute name in the localname field.
The local name is the name of the XML attribute to be indexed. If you have more than one attribute in the same namespace within the specified parent element(s) that you want to index, you can provide a comma-separated list of attribute names.
10. The collation box appears with a default collation. If you want the lexicon to use a different collation than the default, enter the collation URI. You can click the Collation Builder button for a wizard that constructs the collation URI for you based on the language and other parameters you enter. For details about collations, see the Language Support in MarkLogic Server chapter in the Search Developer’s Guide.
11. To add more element-attribute word lexicons, click the More Items button and repeat step 6 through step 10 for each attribute index as needed.
12. Scroll to the top or bottom and click OK.

Page 431

The new attribute index or attribute word lexicon is added to the database. These rules are applied to XML documents loaded into the specified database from this point on.
Note: If you have reindexing enabled for the database and you specify an element-attribute pair that exists in a document, reindexing will run in the background. When the reindexing is complete, the new index will become available to queries.
######### 26.16 Defining Value Lexicons
Value lexicons are implemented using range indexes of type xs:string on the element(s), attribute(s), JSON properties, or fields specified in a query. Therefore, to create a value lexicon, you create a range index of type xs:string for the specified element(s), attribute(s), JSON properties, or fields. Use an element range index for a JSON property value lexicon.
######### 26.17 Deleting Range Indexes or Lexicons
To delete element or attribute indexes or lexicons for a specific database, perform the following steps:
2. Locate the database for which you want to delete a range index or lexicon, either in the tree menu or in the Database Summary table.

3. Click the name of the database for which you want to delete a range index or lexicon.

4. Determine whether you need to delete an element range index, an attribute range index, an element word lexicon, or an attribute word lexicon.

5. Click the Element Range Index icon, Attribute Range Index icon, Path Range Index icon, Element Word Lexicon icon, or the Attribute Word Lexicon icon. The configuration page for the appropriate index appears.

6. Locate the index you want to delete and click Delete.

7. A confirmation message displays. Confirm the delete and click OK. The index or lexicon is deleted from the database.
######### 26.18 Defining Field Range Indexes
Fields provide a convenient mechanism for querying a portion of the database based on XML element QNames or JSON property names. You can define a field, and then create a range index or word or value lexicon over it. For details, see “Fields Database Settings” on page 159.

Page 432

##### 27.0 Fragments
When loading data into a database, you have the option of specifying how XML documents are partitioned for storage into smaller blocks of information called fragments. For large XML documents, size can be an issue, and using fragments may help manage performance of your system. In general, fragments for XML documents should be sized between 10K and 100K. Fragments set too small or too big can slow down performance, so proper fragment sizing is important.
The actual fragmentation of an XML document is completely transparent to an application developer. At the application level, the document appears to be a single integral structure, regardless of how it is stored and managed as fragments on disk. Fragmentation is an application-transparent tuning mechanism.
However, fragmentation does impact relevance ranking. The relevance-ranking algorithm considers both term frequency within a target piece of content and overall term frequency within the database to rank results by relevance. Rather than consider term frequency across the entire XML document for ranking purposes, MarkLogic Server considers term frequency within the individual fragment (and its descendants) being ranked. Consequently, different fragmentation strategies may impact relevance rankings—particularly in situations when a single fragment may straddle multiple XML structures that you are trying to differentiate on a relevance basis.
With MarkLogic Server, you specify fragmentation rules that are used to partition your XML documents. These rules are applied one document at a time. However, fragmentation rules are specified at the database level—on the assumption that databases contain many documents with similar structures where the same fragmentation rules should be applied.
Fragmentation rules are applied to documents during document loads, updates, and database reindexing. Specifying additional fragmentation rules after documents have been loaded causes future updates and/or reindexing of those documents to use the new fragmentation rules, but does not change the fragmentation of existing documents (if reindex enable is set to true, however, the documents will eventually be reindexed and take on the new fragmentation policy). As a result, if you want to change the fragmentation rules for already loaded content, you will have to reload your documents or reindex the database so that your new fragmentation rules can take effect.
Use the following procedures for managing fragmentation rules:
• Choosing a Fragmentation Strategy
• Defining Fragment Roots
• Defining Fragment Parents
• Viewing Fragment Rules

Page 433

• Deleting Fragment Rules
######### 27.1 Choosing a Fragmentation Strategy
Proper fragmentation is important to performance. Before you specify how to fragment the XML data being loaded, you need to plan your fragmentation strategy. Apply the following guidelines:
• Fragments are described generically using XML element names.

• Fragments for XML documents should be between 10K and 100K in size (these are just general guidelines; in some situations, larger or smaller fragment sizes can work fine, and there are many factors that will affect performance for a given fragment size including disk block size, how many fragments are in the database, how often fragments are accessed, the types of queries used in the application, and so on).

• Fragments can be (and in many cases, should be) nested hierarchically.

• Smaller fragment sizes allow more efficient element-level updates in the database, but excessively small fragments can slow down both loading speed and query performance.

• Larger fragment sizes can also slow down query performance by requiring excessive loading of data from disk in resolving queries.

• In general, within the size range set above, larger fragment sizes deliver higherperformance overall than smaller fragment sizes.

• Text and small binary documents must fit in a single fragment. Therefore, set the database in memory tree size parameter to 1 to 2 MB larger than your largest text or small binary file. The largest small binary file size is always constrained by the “large size threshold” database configuration setting.
After you decide how to fragment your data, you can use either of the following methods:
• Fragment Roots
• Fragment Parents

Page 434

Both methods turn your fragmentation strategy into concrete rules for the system.
######### 27.1.1 Fragment Roots
If a document contains many instances of an XML structure that share a common element name, then these structures make sensible fragments. With MarkLogic Server, you can use this common element name as a fragment root.
The following diagram shows an XML document rooted at that contains many instances of a node. Each node contains further XML and averages between 15K and 20K in size. Based on this information, is a sensible element to use as a fragment root:
|| |---|
|| |---|
|| |---|

Page 435

|| |---|
######### 27.1.2 Fragment Parents
If your document contains many different XML substructures, each of which is a good candidate to be a fragment, then it would be time consuming to specify each substructure as a fragment root. Instead, you can specify fragments by setting the parent of these substructures to be a fragment parent—so that every substructure under this parent becomes a separate fragment, regardless of its name.
The following diagram shows a document with substructures of different names:
|| |---|
|| |---|

Page 436

|| |---|
|| |---|
In this case, you can use the element as a fragment parent, and the , , , and children automatically become fragments.
27.2 Defining Fragment Roots To define a rule for a fragment root, complete the following procedure:
1. Click the Databases icon on the left tree menu.

2. Determine the database for which you are specifying a new fragment rule.

3. Click the icon for this database, either in the tree menu or the Database Summary page.

4. Click the Fragment Roots icon.

5. Click the Create tab. The Fragment Roots Configuration page displays:

6. Enter the namespace URI of the XML element that you are using as a rule for the fragment root.
Every XML element is associated with a namespace. For the fragment rule to be precise, you must specify the namespace of the XML element. Leaving the namespace URI field blank specifies the universal unnamed namespace.
Alternatively, you can specify that the rule for the fragment root is namespace independent by putting an asterisk (*) in the namespace URI field.

Page 437

7. Enter the element name in the localname field.
![image 169](admin_images/imageFile169.png)
The local name is the name of the XML element used as the root of a fragment. If you have more than one fragment root rule associated with the specified namespace, you can provide a comma-separated list of element names.
8. To add more fragment roots, click the More Items button and repeat steps 6 and 7 for each fragment root as needed.
9. Scroll to the top or bottom and click OK.
The new fragment root rules are added to the database. These rules are applied to XML documents loaded into the specified database from this point on.
27.3 Defining Fragment Parents To define a rule for a fragment parent, perform the following steps:
1. Click the Databases icon on the left tree menu.

2. Determine the database for which you are specifying a new fragment parent.

3. Click the icon for this database, either in the tree menu or the Database Summary page.

4. Click the Fragment Parents icon.

5. Click the Create tab. The Create Fragment Parents page displays:

Page 438

![image 170](admin_images/imageFile170.png)
6. Enter the namespace URI of the XML element that you are using as a rule for the fragment parent.
Every XML element is associated with a namespace. For the fragment rule to be precise, you must specify the namespace of the XML element. Leaving the namespace URI field blank specifies the universal unnamed namespace.
Alternatively, you can specify that the rule for the fragment root is namespace independent by putting an asterisk (*) in the namespace URI field.
7. Enter the element name in the localname field.
The local name is the name of the parent XML element whose children will be fragment roots. If you have more than one fragment parent rule associated with the specified namespace, you can provide a comma-separated list of element names.
8. To add more fragment parents, click the More Items button and repeat steps 6 and 7 for each fragment parent as needed.
9. Scroll to the top or bottom and click OK.
The new fragment rules are added to the database. These rules are applied to XML documents loaded into the specified database from this point on.
27.4 Viewing Fragment Rules To view fragment rules that are in effect, perform the following steps:

Page 439

1. Click the Databases icon on the left tree menu.

2. Locate the database whose fragment rules you want to view, either in the tree menu or the Database Summary page.

3. Click the icon for this database.

4. Determine whether to view the rules for the fragment root or fragment parent.

5. Click either the Fragment Roots icon or Fragment Parents icon, under the specified database.
The following example shows that the Documents database has only one rule defined for a fragment parent. The rule states that any direct child of an element, regardless of the namespace for the element, should form the root of a fragment:
![image 171](admin_images/imageFile171.png)
27.5 Deleting Fragment Rules To delete fragment rules for a specific database, perform the following steps:
1. Click the Databases icon on the left tree menu.

2. Locate the database that contains the fragment rules you want to delete, either in the tree menu or the Database Summary page.

3. Click the icon for this database.

4. Determine whether you need to delete a rule for a fragment root or fragment parent.

5. Click either the Fragment Roots icon or Fragment Parents icon, under the specified database.

6. Locate the fragment rule you want to delete and click Delete.

7. A confirmation message displays. Confirm the delete and click OK. The fragment rule is dropped from the database.

Page 440

Note: Deleting fragment rules has no impact on the fragmentation that has already been applied to documents loaded into the database, unless reindexing is enabled for the database.
##### 28.0 Namespaces
Namespaces are a powerful mechanism used to differentiate between potentially ambiguous XML elements. Namespaces can be defined within individual XQuery programs. They can also be defined using the Admin Interface.
Namespaces can be defined for a group to apply to all HTTP, ODBC, XDBC, and WebDAV servers in a group or for a particular HTTP, ODBC, XDBC, or WebDAV server. However, a namespace cannot be defined to apply to a particular forest, database, or XQuery program.
For more information about namespaces, see the “Namespaces” chapter in XQuery and XSLT
Reference Guide, which provides a detailed description of XML namespaces and their use. Be sure to review this information before using the Admin Interface to manage your namespaces.
Use the following procedures for managing namespaces in the Admin Interface:
• Defining Namespaces for a Group
• Defining Namespaces for an HTTP, ODBC, or XDBC Server
• Viewing Namespace Settings for a Group
• Viewing Namespace Settings for an HTTP, ODBC, or XDBC Server

Page 441

• Deleting Namespaces for a Group
• Deleting Namespaces for an HTTP, ODBC, or XDBC Server
This chapter describes how to use the Admin Interface to manage namespaces. For details on how to manage namespaces programmatically, see Group Maintenance Operations in the Scripting Administrative Tasks Guide.
28.1 Defining Namespaces for a Group To define namespaces using the Admin Interface for a group, perform the following steps:
1. Click the Groups icon on the left tree menu.

2. Click the group in which you want to define the namespace, either in the tree menu or the Groups Summary page.

3. Click the Namespaces icon on the left tree menu, under the group name.
4. Click the Add tab. The Namespaces Configuration page displays:

5. Enter a prefix for your namespace.

6. Enter a URI for your namespace. If you are defining a prefix for the universal unnamed namespace, leave the URI blank.

7. To add more namespace definitions, click the More Items button and repeat steps 5 and 6 for each namespace as needed.
8. Scroll to the top or bottom and click OK. The namespace is now defined in the group.

Page 442

![image 172](admin_images/imageFile172.png)
######### 28.2 Defining Namespaces for an HTTP, ODBC, or XDBC Server
To define namespaces using the Admin Interface for an HTTP, ODBC, or XDBC Server, perform the following steps:
1. Click the Groups icon on the left tree menu.

2. Click the group which contains the HTTP, ODBC, or XDBC server for which you want to define the namespace, either in the tree menu or the Groups Summary page.

3. Click the App Servers icon as appropriate.

4. Click on the name of the App server for which you want to define the namespace.
5. Click on the Namespaces icon on the left tree menu, under the specified App server.

6. Click the Add tab at the top right. The Namespaces Configuration page displays:

7. Enter a prefix for your namespace.

8. Enter a URI for your namespace. If you are defining a prefix for the universal unnamed namespace, leave the URI blank.

9. To add more namespace definitions, click the More Items button and repeat steps 7 and 8 for each namespace as needed.
10. Scroll to the top or bottom and click OK. The namespace is now defined for the App Server.
![image 173](admin_images/imageFile173.png)

Page 443

28.3 Viewing Namespace Settings for a Group To view namespaces you have defined in the Admin Interface, perform the following steps:
1. Click the Groups icon on the left tree menu.

2. Click the group which contains the namespace you want to view, either in the tree menu or the Groups Summary page.
3. Click the Namespaces icon on the left tree menu, under the specified group. The Namespace Configuration page appears.
![image 174](admin_images/imageFile174.png)
######### 28.4 Viewing Namespace Settings for an HTTP, ODBC, or XDBC ServerTo view namespaces you have defined in the Admin Interface, perform the following steps:
1. Click the Groups icon on the left menu tree.

2. Click the group which contains the HTTP, ODBC, or XDBC server for which you want to view the namespace, either in the tree menu or the Groups Summary page.

3. Click the App Servers icon as appropriate.

4. Click on the name of the App Server for which you want to view the namespace.
5. Click the Namespaces icon on the left tree menu, under the specified App Server. The Namespace Configuration page appears.

Page 444

![image 175](admin_images/imageFile175.png)
28.5 Deleting Namespaces for a Group To delete namespaces that you defined in the Admin Interface, perform the following steps:
1. Click the Groups icon on the left tree menu.

2. Click the group from which you want to delete the namespace, either in the tree menu or the Group Summary page.

3. Click the Namespaces icon on the left tree menu, under the specified group.

4. Locate the namespace to be deleted and click Delete.

5. A confirmation message displays. Confirm the delete and click OK. The namespace is deleted from the group.
######### 28.6 Deleting Namespaces for an HTTP, ODBC, or XDBC Server
To delete namespaces that you defined in the Admin Interface for an HTTP, ODBC, or XDBC server, perform the following steps:
1. Click the Groups icon on the left tree menu.

2. Click on the group which contains the App Server from which you want to delete the namespace, either in the tree menu or the Group Summary page.
3. Click on the App Servers icon.

4. Click on the name of the App Server from which you want to delete the namespace, either in the tree menu or the App Server Summary page.

5. Click the Namespaces icon on the left tree menu, under the specified App Server. The namespace configuration screen appears.

Page 445

6. Locate the namespace to be deleted and click Delete.

7. A confirmation message displays. Confirm the delete and click OK. The namespace is deleted from the App Server.
##### 29.0 Understanding and Defining Schemas
This chapter describes schemas and lists procedures for defining them. The following topics are included:
• Understanding Schemas
• Procedures For Defining Schemas
For more information on the Schema database, loading schemas into MarkLogic Server, and using schemas in your applications, see the “Loading Schemas” chapter of the Application Developer’s Guide.
######### 29.1 Understanding Schemas
A schema is a data dictionary for your XML content. To specify a schema, you need to define the namespace to which the schema applies as well as the location of the schema file.
Schemas define the types of elements within XML documents. When knowing the type of an XML element would be beneficial to evaluating an XQuery program, MarkLogic Server will look for the relevant schema document (based on that element's namespace) using the following strategy:
1. If the XQuery program explicitly references a schema for the namespace in question, MarkLogic Server uses this reference.

2. Otherwise, MarkLogic Server searches the schema database for an XML schema document whose target namespace is the same as the namespace of the element that MarkLogic Server is trying to type.

Page 446

3. If no matching schema document is found in the database, MarkLogic Server looks in its Config directory for a matching schema document.

4. If no matching schema document is found in the Config directory, no schema is found.
Problems can arise in step 2 above when there are multiple schema documents in the schema database whose target namespace matches the namespace of the element that MarkLogic Server is trying to type. In this case, it is convenient to be able to use the Admin Interface to specify a default mapping.
Schema mappings can be specified for the HTTP, ODBC, or XDBC servers individually or for the group to apply to all HTTP, ODBC, or XDBC servers in the group. If the schema mapping defined for an HTTP, ODBC, or XDBC server conflicts with the schema mapping defined for the group, the former mapping is used.
When you specify a schema mapping in the Admin Interface, MarkLogic Server uses the following strategy to locate the schema:
1. First, MarkLogic Server searches the schema database for a document with the exact URI you specified in the schema mapping.
Note: If the schema mapping for the HTTP, ODBC, or XDBC server conflicts with the
schema mapping for the group, the former mapping is used.
2. If no matching schema document is found in the schema database, MarkLogic Server looks in its Config directory for a schema document whose filename matches the filename portion of the URI you specified.

3. If no matching schema document is found in the Config directory, no schema is found.
If a namespace is invoked by one or more data elements stored in a particular database, and the schema for that namespace is defined for the group or HTTP, ODBC, or XDBC server, MarkLogic Server applies the schema to the storage, indexing, and retrieval of that data.
Note: The schema database in this case is the schema database for the database in which

Page 447

the data is located.
29.2 Procedures For Defining Schemas Use the following procedures for defining schemas:
• Adding a Schema Definition for a Group
• Adding a Schema Definition for an HTTP, ODBC, or XDBC Server
• Viewing Schema Definitions for a Group
• Viewing Schema Definitions for an HTTP, ODBC, or XDBC Server
• Deleting a Schema Definition for a Group
• Deleting a Schema Definition for an HTTP, ODBC, or XDBC Server
######### 29.2.1 Adding a Schema Definition for a Group
To make a schema available to all HTTP, ODBC, or XDBC servers in a group, complete the following procedure:

Page 448

1. Click the Groups icon on the left tree menu.

2. Click the group in which you want to define the schema.

3. Click the Schemas icon on the left tree menu, under the specified group.
4. Click the Add tab. The Schema Configuration page displays:

5. Enter a namespace URI and corresponding schema location.
If you are planning to store the schema in your Config directory, the following table lists the default location of the Config directory on each platform:
6. To add more schema definitions, click the More Items button and repeat step 5 for other schemas as needed.
7. Scroll to the top or bottom and click OK. The schema is added to the group.
![image 176](admin_images/imageFile176.png)
|Platform|Schema Directory| |---|---| | | | |Microsoft Windows|C:\Program Files\MarkLogic\Config| |Red Hat Linux|/opt/MarkLogic/Config| |Mac OS X|~/Library/MarkLogic/Config/|

Page 449

######### 29.2.2 Adding a Schema Definition for an HTTP, ODBC, or XDBC Server
To make a schema available to a particular HTTP, ODBC, or XDBC server, perform the following steps:
1. Click the Groups icon on the left tree menu.
2. Click the name of the group which contains the HTTP, ODBC, or XDBC server to which you want to add a schema.

3. Click the App Servers icon.

4. Click the name of the App Server to which you want to add a schema.

5. Click the Schemas icon on the left tree menu, under the specified App Server.

6. Click the Add tab. The Schema Configuration page displays:

7. Enter a namespace URI and corresponding schema location.
If you are planning to store the schema in your config directory, refer to the following table for the default location of the config directory on your platform:
8. To add more schema definitions, click the More Items button and repeat step 7 for other schemas as needed.
9. Scroll to the top or bottom and click OK.

Page 450

![image 177](admin_images/imageFile177.png)
|Platform|Schema Directory| |---|---| | | | |Microsoft Windows|C:\Program Files\MarkLogic\Config| |Red Hat Linux|/opt/MarkLogic/Config| |Mac OS X|~/Library/MarkLogic/Config/|
The schema is added to the HTTP, ODBC, or XDBC server.
29.2.3 Viewing Schema Definitions for a Group To view a schema definition for a group, complete the following procedure:
1. Click the Groups icon on the left tree menu.

2. Click the group that contains the schema you want to view.

3. Click the Schemas icon on the left tree menu, under the specified group.
The following example shows just one schema. It specifies that the schema for namespace http:/ /www.w3.org/1999/xhtml is found in the file xhtml.1.xsd, which is located in the config directory of your MarkLogic Server program directory.
![image 178](admin_images/imageFile178.png)

Page 451

######### 29.2.4 Viewing Schema Definitions for an HTTP, ODBC, or XDBC ServerTo view a schema definition for an HTTP or XDBC Server, perform the following steps:
1. Click the Groups icon on the left tree menu.

2. Click on the name of the group which contains the HTTP , ODBC, or XDBC server with the schema you want to view.

3. Click the App Servers icon.

4. Click the name of the App Server with the schema you want to view.
5. Click the Schemas icon on the left tree menu, under the specified App Server.
The following example shows just one schema. It specifies that the schema for namespace http:/ /www.w3.org/1999/xhtml is found in the file xhtml.1.xsd, which is located in the config directory of your MarkLogic Server program directory.
![image 179](admin_images/imageFile179.png)
29.2.5 Deleting a Schema Definition for a Group To delete a schema definition for a group, perform the following steps:
1. Click the Groups icon on the left tree menu.

2. Click the group from which you want to delete the schema.

3. Click the Schemas icon on the left tree menu, under the specified group.

4. Locate the schema definition to be deleted from the system and click Delete.

5. A confirmation message displays. Confirm the delete and click OK. The schema is dropped from the group.

Page 452

29.2.6 Deleting a Schema Definition for an HTTP, ODBC, or XDBC Server To delete a schema definition for an HTTP, ODBC, or XDBC server, perform the following steps:
1. Click the Groups icon on the left tree menu.
2. Click the name of the group which contains the HTTP, ODBC, or XDBC server with the schema you want to delete.

3. Click the App Servers icon.

4. Click the name of the App Server with the schema you want to delete.

5. Click the Schemas icon on the left tree menu, under the specified App Server.

6. Click the Schemas icon on the left tree menu, under the specified App Server.

7. Locate the schema definition to be deleted from the system and click Delete.

8. A confirmation message displays. Confirm the delete and click OK. The schema is dropped from the App Server.
30.0 Log Files This chapter describes the log files and includes the following sections:
• Application and System Log Files
• Understanding the Log Levels

Page 453

• Configuring System Log Files
• Configuring Application Log Files
• Viewing the System Log
• Viewing the Application and System File Logs
• Accessing Log Files
For information on the audit log files, see “Auditing Events” on page 111.
######### 30.1 Application and System Log Files
There are separate log files for application-generated messages and for system-generated messages. This allows for separation of personally identifiable information (such as social security numbers, for example) and system messages (such as merge notices and other system activity). The application log files are configured on a per-App Server basis, and the system log files are configured at the group level. Each host has its own set of log files (both application and system log files). Things like uncaught application errors, which might contain data from an application, are sent to the application logs. Things like MarkLogic Server system activity are sent to the system log files.
######### 30.2 Understanding the Log Levels
MarkLogic Server sends log messages to both the operating system log and the MarkLogic Server system file log. Additionally, application log messages (messages generated from application code) are sent to the application logs. Depending on how you configure your logging functions, both operating system and file logs may or may not receive the equivalent number of messages. To enhance performance, the system log should receive fewer messages than the MarkLogic Server file log.
MarkLogic Server uses the following log settings, where Finest is the most verbose while Emergency is the least verbose:

Page 454

|Log Level|Description| |---|---| | | | |Finest|Extremely detailed debug level messages.| |Finer|Very detailed debug level messages.| |Fine|Detailed debug level messages.| |Debug|Debug level messages.| |Config|Configuration messages.| |Info|Informational messages. This is the default setting.| |Notice|Normal but significant conditions.| |Warning|Warning conditions.| |Error|Error conditions.| |Critical|Critical conditions.| |Alert|Immediate action required.| |Emergency|System is unusable.|
Log file settings are applied on a per-group basis. By default, the system log for a group is set to Notice while the file log is set to Info. As such, the system log receives fewer log messages than the file log. You may change these settings to suit your needs. It is more efficient to write to the file log than to the system log. It is good practice to run in production with the Debug file log level to get a more detailed record of operations. Log levels more verbose than Debug may result in very large log files and are not recommended for extended periods of time.
30.3 Configuring System Log Files To configure how log information is generated, perform the following steps:

Page 455

1. Click the Groups icon on the left tree menu.

2. Click the group for which you want to configure the log file settings.
3. Scroll down to the log settings, towards the bottom of the page. The following example shows the default log settings:

4. Go to System Log Level and change the level if needed.

5. Go to File Log Level and change the logging level of the MarkLogic Server private log file (ErrorLog.txt) if needed.

6. Go to Rotate Log Files and select when MarkLogic Server should start a new private log file for this group. The following table describes each time frame:
![image 180](admin_images/imageFile180.png)
|Time Frame|Description| |---|---| | | | |Never|The log file grows without bound.| |Daily|A new log file is started every day at 12:00 A.M.| |Sunday|A new log file is started every week on Sunday at 12:00 A.M.| |Saturday|A new log file is started every week on Saturday at 12:00 A.M.| |Friday|A new log file is started every week on Friday at 12:00 A.M.| |Thursday|A new log file is started every week on Thursday at 12:00 A.M.|

Page 456

|Time Frame|Description| |---|---| | | | |Wednesday|A new log file is started every week on Wednesday at 12:00 A.M.| |Tuesday|A new log file is started every week on Tuesday at 12:00 A.M.| |Monday|A new log file is started every week on Monday at 12:00 A.M.| |Monthly|A new log file is started at 12:00 AM on the first day of each month.|
7. Go to Keep Log Files and enter the number of private log files to keep.
The private log files are kept in an aging archive. After the number of log files grows to the value specified in the Keep Log File setting, when a new log file is started, the oldest log file archive is automatically deleted.
8. Scroll to the top or bottom and click OK.
30.4 Configuring Application Log Files To configure how log information is generated for an App Server, perform the following steps:
1. Click the Groups icon on the left tree menu.

2. Under App Servers for the group in which the App Server whose application log file settings you want to configure, click the desired App Server.

3. Scroll down to the log settings, towards the bottom of the page.

4. Go to File Log Level and change the logging level of the application log file (for example, 8543_ErrorLog.txt for the App Server on port 8543) if needed.

Page 457

5. Go to Log Errors and click true if you want uncaught application errors to go to the log file, otherwise click false.

6. Scroll to the top or bottom and click OK.
Note: The log rotation of application log files follows the same rules as the system log file for that group, as described in the procedure for “Configuring System Log Files” on page 434.
######### 30.5 Viewing the System Log
The system log messages that MarkLogic Server generates are viewable using the standard system log viewing tools available for your platform. On Windows platforms, the seven levels of logging messages are collapsed into three broad categories and the system log messages are registered as MarkLogic. On UNIX platforms, the system logs use the LOG_DAEMON facility, which typically sends system log messages to a file such as /var/log/messages, although this can vary according to the configuration of your system.
######### 30.6 Viewing the Application and System File Logs
The private system file log is maintained as a simple text file, and the application logs are also maintained as simple text files. You may view the current or any archived file log at any time using standard text file viewing tools. Additionally, you can access the log files from the Log tab on the main page of the Admin Interface.
The files are stored in the Logs directory under the MarkLogic Server data directory for your platform. You may have overridden the default location for this directory at installation time. The following table lists the default location of the file logs on your platform:
|Platform|Private Log Files| |---|---| | | | |Microsoft Windows|C:\Program Files\MarkLogic\Data\Logs\ErrorLog.txt C:\Program Files\MarkLogic\Data\Logs\_ErrorLog.txt| |Red Hat Enterprise Linux|/var/opt/MarkLogic/Logs/ErrorLog.txt /var/opt/MarkLogic/Logs/_ErrorLog.txt| |Mac OS X|~/Library/Application Support/MarkLogic/Data/Logs/ErrorLog.txt ~/Library/Application Support/MarkLogic/Data/Logs/_ErrorLog.txt|

Page 458

The application log files are prefixed with the port number of the App Server corresponding the log file. These files contain a set of log messages ordered chronologically. The number of messages depends on the system activity and on the log level that you set. For example, a file log set to Debug would contain many lines of messages whereas a file log set to Emergency would contain the minimum set of messages.
Any trace events are also written to the MarkLogic Server ErrorLog.txt file. Trace events are used to debug applications. You can enable and set trace events in the Admin Interface, on the Diagnostics page for a group. You can also generate your own trace events with the xdmp:trace function.
Note: When the log files are being written to a different device than the data files, it is possible to run out of space for logging. This does not appear to impact the servers ability to start, nor the availability of the forests, databases or app servers. Log entries will also still be written to /var/log/messages based on the configured OS logging level.
######### 30.7 Accessing Log Files
MarkLogic Server also produces access log files for each App Server. The access logs are in the NCSA combined log format, and show the requests made against each App Server. The access log files are in the same directory as the ErrorLog.txt logs, and have the port number encoded into their name. For example, the access log files for the Admin Interface is named 8001_AccessLog.txt. You may view the current or any archived file log at any time using standard text file viewing tools. Additionally, you can access the log files from the Log tab on the main page of the Admin Interface. Older versions of the access logs are aged from the system according to the settings configured at the group level, as described in “Configuring System Log Files” on page 434.
##### 31.0 Scheduling Tasks
This chapter describes how to schedule tasks that execute XQuery main modules at a predefined date/time or interval. The following topics are included:
• Understanding Scheduled Tasks
• Scheduling a Module for Invocation
• Selecting a Task Type
This chapter describes how to use the Admin Interface to manage scheduled tasks. For details on how to manage scheduled tasks programmatically, see Group Maintenance Operations in the Scripting Administrative Tasks Guide.

Page 459

######### 31.1 Understanding Scheduled Tasks
MarkLogic Server allows you to schedule the execution of XQuery main modules. The ability to schedule module execution is useful for:
• Loading content. For example, periodically checking for new content from an external data source, such as a web site, web service, etc.

• Synchronizing content. For example, when MarkLogic is used as a metadata repository, you might want to periodically check for changed data.

• Delivering batches of content: For example, initiate an RSS feed, hourly or daily.

• Delivering aggregated alerts, either hourly or daily.

• Delivering reports, either daily, weekly, or monthly.

• Polling for the completion of an asynchronous process, such as the creation of a PDF file
Tasks can be scheduled to run at a particular time on a particular date, or at a specified interval. MarkLogic Server attempts to place the task on the task server's queue at the specified time, but the actual execution of the task might not start at this time. If the queue is full, the task fails and will not be re-tried until the next scheduled interval.
31.2 Scheduling a Module for Invocation To schedule a module for invocation at a particular date/time or interval, do the following:
1. Click the Groups icon in the left tree menu.

2. Click on the group in which you want to schedule a task (for example, Default).

3. Click the Scheduled Tasks icon on the left tree menu.

4. Click on the Create tab to bring up the Schedule a Task page

Page 460

5. Specify the URI for the module to invoke in the Task Path field. The task path must begin with a forward slash (/) and cannot contain a question mark '?', colon ':' or pound '#' character.

6. In the Task Root field, specify the root directory (files system) or URI root (database) that contains the module.

7. In the Task Type field, select one of the task types described in “Selecting a Task Type” on page 441.

8. In the Database field, select the database on which to invoke the module.

9. In the Task Modules field, select either the file system or database that contains the module specified in the Task Path field.
If Task Modules is set to (file system), then place the module in or below the directory specified by Task Root. The file will be located on disk with a path that is the Task Root combined with the Task Path. For example, if the Task Root is /marklogic/modules and the Task Path is /tasks/test.xqy, then test.xqy should be located at /marklogic/
modules/tasks/test.xqy on the file system.
If Task Modules is set to a database, then load the module into that database at or under the URI root specified by Task Root. For example, for the configuration shown in Step 10, test.xqy should be inserted in the Modules datase at URI /marklogic/modules/test.xqy.
10. In the Task User and Task Host fields, specify the user with permission to invoke the task and the host computer on which the task is to be invoked. If no host is specified, then the task runs on all hosts.
Note: The user specified in the Task User field must have the privileges required to execute the functions used in the module. See “Appendix B: Pre-defined Execute Privileges” on page 469 for the full list of execute privileges.
Example of a Scheduled Task configuration:
![image 181](admin_images/imageFile181.png)
######### 31.3 Selecting a Task Type

Page 461

You can select one of the date/time or interval scheduling options described in this section as your task type.
The interval scheduling options that operate on elapsed time are:
• Scheduling Per Minute
• Scheduling Per Hour The date/time scheduling options that operate on calendar time are:

• Scheduling Per Day and Time
• Scheduling Per Week, Day, and Time
• Scheduling Per Month, Day, and Time
• Scheduling One Invocation on a Calendar Date and Time
Note: The date/time options are scheduled in terms of the local time designated by the server’s clock. This means that, in regions that recognize daylight savings time, a scheduling interval of 24 hours is not the same as a once-per-day at a particular time scheduling interval.
######### 31.3.1 Scheduling Per Minute
If you select minutely task type, specify how many minutes are to elapse between each invocation of the module. For example, to invoke the module every 5 minutes (or as soon as possible thereafter, if the server is overloaded), enter:

Page 462

![image 182](admin_images/imageFile182.png)
######### 31.3.2 Scheduling Per Hour
If you select hourly task type, specify how many hours are to elapse between each invocation of the module. The Task Minute setting specifies how many minutes after the hour the module is to be invoked. Note that the Task Minute setting does not add to the interval.
For example, to invoke the module every 2 hours at 30 minutes past the hour (or as soon as possible thereafter, if the server is overloaded), enter:
![image 183](admin_images/imageFile183.png)
If the current time is 2:15pm, the task will run at 2:30, 4:30pm, 6:30pm, 8:30pm, and so on.
######### 31.3.3 Scheduling Per Day and Time
If you select daily task type, specify how many days are to elapse between each invocation of the module and the time of day (in 24:00 notation) of the invocation.
For example, to invoke the module every three days at 12:00pm, enter:
![image 184](admin_images/imageFile184.png)
######### 31.3.4 Scheduling Per Week, Day, and Time

Page 463

If you select weekly task type, specify how many weeks are to elapse between each invocation of the module, as well as one or more days of the week and time (in 24:00 notation) of the invocation.
For example, to invoke the module every other week, on Friday, at 5:00pm, enter:
![image 185](admin_images/imageFile185.png)
######### 31.3.5 Scheduling Per Month, Day, and Time
If you select monthly task type, specify how many months are to elapse between each invocation of the module, as well as the day of the month and time (in 24:00 notation) of the invocation.
For example, to invoke the module every three months, on the 15th day of the month, at 8:00am, enter:
![image 186](admin_images/imageFile186.png)
######### 31.3.6 Scheduling One Invocation on a Calendar Date and Time
If you select once task type, specify the calendar day (month/day/year) and time (in 24:00 notation) of the invocation.
############ For example, to invoke the module on May 2, 2009 at 6:00pm, enter:
![image 187](admin_images/imageFile187.png)
##### 32.0 Using the Configuration Manager

Page 464

[DEPRECATED: the Configuration Manager tool is deprecated starting with MarkLogic release 10.0-3 and will be removed from the MarkLogic Server in the future.]
The MarkLogic Server Configuration Manager provides a read-only interface to the Admin Interface and a tool for saving and restoring configuration settings. This chapter includes the following sections:
• Configuration Manager Overview
• Security Considerations
• Accessing the Configuration Manager
• Viewing Configurations
• Searching for a Configuration Setting
• Editing Configuration Settings
• Exporting and Importing Configurations
• Applying Imported Configuration Settings
######### 32.1 Configuration Manager Overview

Page 465

The Configuration Manager allows you to view the configuration settings for MarkLogic Server resources. A resource is a MarkLogic Server object, such as a database, forest, App Server, group or host.
Use the Configuration Manager to:
• Allow non-admin users read-only access to configuration settings for databases, forests, groups, hosts, and App Servers.

• Easily search for resources and configuration settings.

• Safely review settings in read-only mode, then jump directly to the resource in the Admin Interface to modify the settings. (Administrative privileges are required to modify settings).

• Save resource configurations as XML inside a zip folder.

• Import previously saved resource configurations. Importing a configuration allows you to compare versions and update configuration settings.

• View data available through the Management REST API.
For details about the Management REST API, see Using the Management API in the Monitoring MarkLogic Guide.
Note: The Packaging REST API has changed for MarkLogic 7. Applications written using the MarkLogic 6 Packaging REST API (v1) must be rewritten to work with the MarkLogic 7 Packaging REST API (v2).
######### 32.2 Security Considerations
To access the Configuration Manager page, users must have the role manage-user. The role does not grant any privileges to modify configuration settings. Users with the manage-user role may:
• Access the Configuration Manager pages to view resources and settings.

• Export configurations to an ZIP file (with the exception of modules databases).

Page 466

• Import previously saved configurations into the Configuration Manager to view or compare them.
The manage-user role does not grant privileges to edit configuration settings, apply configuration changes from an imported configuration, or to export modules databases. To export the content of modules databases, you must have the manage-admin role. However, you won't be able to see modules that you don't have permissions to access. To install (Apply imported) packages, you must to have the admin privilege.
The manage-internal role is for MarkLogic Server internal use only. Do not assign this role to any users. Assigning this role to users would grant them privileges on the system that you typically do not want them to have.
######### 32.3 Accessing the Configuration Manager
To access the Configuration Manager, navigate to the URL http://yourhostname:8002/nav/ or click on the Configuration Manager tab from any application service page.
![image 188](admin_images/imageFile188.png)
Note: If the application does not appear, you may not have sufficient privileges. To make full use of the Configuration Manager, you must have the manage-admin security role. See "Security Considerations" on page 448.
32.4 Viewing Configurations To view the configuration settings for your MarkLogic Server resources, click on the View tab.
![image 189](admin_images/imageFile189.png)
The Configuration Manager provides two methods for locating the configuration settings for a particular resource:
• Browsing Resource Configurations

Page 467

• Searching for a Resource
32.4.1 Browsing Resource Configurations To find a resource and view its configuration by browsing:
1. Click on the resource category in the resource list on the left side of the Configuration Manager. The list of resources in the selected category appears. The number to the right of the resource category name indicates how many of that resource are present:

2. Click on the name of a resource to display the configuration:
![image 190](admin_images/imageFile190.png)
![image 191](admin_images/imageFile191.png)
############ 3. The Configuration Settings page displays the settings for the selected resource. In theright-hand frame, the resources that are related to the resource are also listed. You canclick on a related resource to view its configuration.
Note: For forests with partitions, a Partitions link will be included under related
resources.
![image 192](admin_images/imageFile192.png)

Page 468

############ 4. Some of the configuration settings are collapsed into containers. These are identified by anarrow preceding the container name. You can click on the arrow to expand the container to
display the details. For example, to view the forest range settings, you click on the arrow next to the Range container, as shown below:
![image 193](admin_images/imageFile193.png)
######### 32.4.2 Searching for a Resource
To search for a resource by name, use the search box at the top of the page. As you type, the Configuration Manager suggests matching resources.
1. Click in the search box and begin typing the name of a resource. A dropdown of suggested search matches appears:

2. Click on a search suggestion in the dropdown list to bring up that configuration, or click the Search button to display a page of matching resources from which to select.
![image 194](admin_images/imageFile194.png)
32.5 Searching for a Configuration Setting You may search within a resource configuration for a setting name or value:
1. Navigate to the resource you wish to search. See "Viewing Configurations" on page 449.

2. Click in the filter box just above the settings.

Page 469

![image 195](admin_images/imageFile195.png)
3. Begin typing any part of a setting name or value. The configuration settings are filtered as you type. The matching text in each setting is highlighted.
![image 196](admin_images/imageFile196.png)
######### 32.6 Editing Configuration Settings
Use the Edit feature to open the Admin UI at a particular resource and modify the settings. You may edit resource settings from a resource category list page or from the settings page for a resource.
Note: To edit configuration settings, you must have administrative privileges. To edit configuration settings for a resource:
1. From a resource category list, click the edit icon to the right of the resource name. The Admin Interface opens to that resource.

2. MarkLogic Server includes a REST Management API for collecting resource monitoring and management data, as described in the Using the Management API chapter in the Monitoring MarkLogic Guide. Using the Configuration Manager, you can easily view the data available for a resource through the REST Management API as HTML, XML, or JSON. Though the information available in the Configuration Manager overlaps with the data available through the Management API, the Management API exposes additional data, such as status information. You can view the resource settings in the Management API by clicking on the Management API icon:
3. Links to the Admin Interface and Management API are also available on the resource Configuration Settings page. For example, the Edit icon at the top of a database Configuration Settings page opens the configuration page for that database in the Admin Interface.
![image 197](admin_images/imageFile197.png)
![image 198](admin_images/imageFile198.png)

Page 470

![image 199](admin_images/imageFile199.png)
######### 32.7 Exporting and Importing Configurations
The Configuration Manager allows you to save configuration settings in a zip file, and then later import them to compare configurations and apply updates.
The Configuration Manager provides the following capabilities:
• Exporting a Configuration • Importing a Configuration • Comparing Imported Configuration with Current Configuration
Note: Security settings, such as SSL and External Security (LDAP and Kerberos) configurations, cannot be imported from an exported configuration file. If your exported configuration includes a server configured with SSL and/or External Security, you must reconfigure these security settings on the server after importing it to the new host.
Note: You can import a configuration saved in MarkLogic 6 into MarkLogic 7. However, you cannot import a configuration saved in MarkLogic 7 into MarkLogic 6.
######### 32.7.1 Exporting a Configuration
Exporting resource configurations saves them to a zip file.You may import these configurations back in to compare, review, and apply updates.
Note: You can only export App Server and Database configurations. You cannot export Host, Forest, or Group configurations. In addition, you cannot export an App Server or Database that has more than 200 characters in its name.
The following procedure describes how to export a configuration.
1. Navigate to the Configuration Manager and select the Export tab.

Page 471

![image 200](admin_images/imageFile200.png)
############ 2. Select the App Servers and/or Databases for which you want to export the configurations.You can select all of the Databases and or Servers by checking the category name in theleft-hand frame. For example, to select all of the Databases, do the following:
![image 201](admin_images/imageFile201.png)
Note: A colored-in check box indicates that some, but not all, of the resources in that category have been selected. You can clear all of the selected resources by clicking on the check box until it’s clear.
############ 3. If an App Server makes use of a modules database, an additional check box appears in theModules column. Check this box to export the modules database along with the AppServer configuration.
Note: You must have the correct roles to export and import a modules database, as
described in "Security Considerations" on page 448.
![image 202](admin_images/imageFile202.png)
############ 4. After you have selected all of the configurations to be exported, click Export.
![image 203](admin_images/imageFile203.png)
A zip file with a name format of package{id}.zip will be downloaded to your browser’s download directory. A unique id is produced and added to the name of each exported zip file.

Page 472

######### 32.7.2 Importing a Configuration
Use the Import feature of the Configuration Manager to upload and apply previously exported configuration packages.
Importing a configuration loads the saved settings into the Configuration Manager. No automatic configuration changes occur. Once you import a configuration (or set of configurations), you may compare the settings with existing configurations and optionally apply configuration changes, as described in "Comparing Imported Configuration with Current Configuration" on page 458.
The following procedure describes how to import a configuration.
1. Navigate to the Configuration Manager and select the Import tab.
![image 204](admin_images/imageFile204.png)
2. Click Browse and navigate to the location of the exported zip file.

3. A pop-up directory window appears. Double click on the package name and the package appears in the field next to the Browse button.
![image 205](admin_images/imageFile205.png)
![image 206](admin_images/imageFile206.png)
######### 32.7.3 Comparing Imported Configuration with Current Configuration

Page 473

This section describes how to compare the imported configuration package with your current configuration and determine how the settings are to be applied to your current configuration.
1. After importing a configuration, you can click the Compare button to compare the imported configuration with you current configuration.
![image 207](admin_images/imageFile207.png)
############ 2. You will see a summary of the differences between your current configuration and theimported configuration. To view details of the differences for a resource, click on theresource, as shown for the Documents database below.
![image 208](admin_images/imageFile208.png)
The meaning of the Settings symbols are shown in the legend at the bottom left-hand part of the page.
![image 209](admin_images/imageFile209.png)
############ 3. The resource Configuration Settings page displays the settings for both the Current andPackage configurations and highlights any differences and errors, if present. To view onlythe differences and errors, select Show Differences & Errors from the pull-down menu. Toview only the errors, select Show Errors Only.
![image 210](admin_images/imageFile210.png)
4. By default, all of the packaged settings are imported to your current configuration. If you want to keep a setting in your current configuration that conflicts with the packaged configuration, click on the setting’s Import box and uncheck to deselect the setting.

5. Some of the configuration settings are collapsed into containers. These are identified by an arrow preceding the container name. You can click on the arrow to expand the container to display the details. For example, to view the differences between the range element index settings, you click on the arrow next to the Range Element Indexes container, as shown below:

Page 474

![image 211](admin_images/imageFile211.png)
![image 212](admin_images/imageFile212.png)
6. You can set how the container settings are to be imported into your current configuration. Select the Merge policy if you want to import only additional settings. This policy ensures that only new settings are imported and no settings are removed from your current configuration.

7. If there are settings in your current configuration that are missing from the imported configuration, they are displayed when you select the Replace policy. The Replace policy will remove these settings from your current configuration.
![image 213](admin_images/imageFile213.png)
![image 214](admin_images/imageFile214.png)
######### 32.8 Applying Imported Configuration Settings
Once you have selected the settings to be used to modify your current configuration, click the Apply button:
![image 215](admin_images/imageFile215.png)
If the Apply Import operation is successful, a summary count of the imported settings is displayed. The import operation generated a ticket that provides the details of the imported resources. You can view this ticket by clicking on Link to Details Ticket. Should you wish to roll back the import operation to restore your previous configuration, click on Link to Rollback.
![image 216](admin_images/imageFile216.png)

Page 475

Note: Rolling back an import operation does not remove the imported forests.
##### 33.0 Appendix A: ‘Hot’ versus ‘Cold’ Admin Tasks
“Hot” admin tasks are defined as tasks that take effect immediately and do not require the server to restart. “Cold” admin tasks are defined as tasks that require one or more instances of the server to restart to reflect the changes. Cold tasks have an asterisk (*) next to the setting in the Admin UI.
In a clustered deployment, “cold” tasks will require one or more hosts in the cluster to restart their instance of MarkLogic in order to reflect the changes. In an single-server deployments, “cold” tasks will cause MarkLogic to restart in order to reflect the changes.
The tables below show the “hot” or “cold” status for adding objects, changing configuration parameters, and dropping objects for the following object types:
• Groups
• HTTP, ODBC, XDBC, and WebDAV Servers
• Databases
• Hosts
• Forests
• Mimetypes
• Security

Page 476

######### 33.1 Groups
|Add Object|Change Configuration Parameters|Delete Object| |---|---|---| | | | | |Hot|The following group parameters are hot: > group name > system log level > file log level > rotate log files > keep log files > namespaces > schemas

The following group parameters are cold for the hosts in the group: > list cache size > compressed tree cache size > expanded tree cache size

Adding and dropping hosts from groups is cold for that host.|Hot|
33.2 HTTP, ODBC, XDBC, and WebDAV Servers
|Add Object|Change Configuration Parameters|Delete Object| |---|---|---| | | | | |Hot|The following App Server parameters are hot: > server name > root > database > request timeout > keep alive timeout > session timeout > time limit > realm > security mode > namespaces > schemas > ssl certificate template > ssl hostname > ssl ciphers

The following App Server parameters are cold for all hosts in the group defining the HTTP, ODBC, XDBC, or WebDAV Server: > port > address > backlog > threads > ssl enabled|Cold|
33.3 Databases
|Add Object|Change Configuration Parameters|Delete Object|

Page 477

|---|---|---| | | | | |Hot|Parameters changes are hot|Hot|
33.4 Hosts
|Add Object|Change Configuration Parameters|Delete Object| |---|---|---| | | | | |Only the added host needs to restart|Only the host whose parameters change requires a restart. The rest of the hosts remain hot.|Hot for the remaining hosts.

|
33.5 Forests
|Add Object|Change Configuration Parameters|Delete Object| |---|---|---| | | | | |Hot|Parameter changes are hot. Backup is hot. Restore, clear and drop are hot|Hot|

Page 478

33.6 Mimetypes
|Add Object|Change Configuration Parameters|Delete Object| |---|---|---| | | | | |Cold|Parameter changes are cold.|Cold|
33.7 Security
|Add Object|Change Configuration Parameters|Delete Object| |---|---|---| | | | | |Hot|Parameter changes are hot.|Hot|
###### 34.0 Appendix B: Pre-defined Execute Privileges The pre-defined execute privileges listed below are included with every installation of MarkLogic Server.
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | |

Page 479

|add-query-rolesets|http://marklogic.com/xdmp/privileges/ add-query-rolesets|privilege to add query rolesets|sec:add-query-rolesets| |admin-database|http://marklogic.com/xdmp/privileges/ admin/database|privilege to administer databases|admin built-ins| |admin-default-read|http://marklogic.com/xdmp/privileges/ admin-default-read|internal privilege to use the Admin API for reading configuration information|admin built-ins| |admin-forest|http://marklogic.com/xdmp/privileges/ admin/forest|privilege to administer forests|admin built-ins| |admin-host|http://marklogic.com/xdmp/privileges/ admin/host|privilege to administer hosts|admin built-ins| |admin-app-server|http://marklogic.com/xdmp/privileges/ admin/app-server|privilege to administer app-servers|admin built-ins| |admin-app-server-security|http://marklogic.com/xdmp/privileges/ admin/app-server-security|privilege to administer app-servers’ security|admin built-ins| |admin-group|http://marklogic.com/xdmp/privileges/ admin/group|privilege to administer groups|admin built-ins| |admin-group-security|http://marklogic.com/xdmp/privileges/ admin/group-security|privilege to administer groups’ security|admin built-ins| |admin-cluster|http://marklogic.com/xdmp/privileges/ admin/cluster|privilege to administer clusters|admin built-ins| |admin-mimetype|http://marklogic.com/xdmp/privileges/ admin/mimetypes|privilege to administer mimetypes|admin built-ins| |admin-module-read|http://marklogic.com/xdmp/privileges/ admin-module-read|privilege to use the Admin API for reading configuration information|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |admin-module-write|http://marklogic.com/xdmp/privileges/ admin-module-write|privilege to use the Admin API for writing configuration information|admin built-ins| |admin-ui|http://marklogic.com/xdmp/privileges/ admin-ui|privilege to view the Admin Interface, but not to make changes|admin built-ins| |amp-add-roles|http://marklogic.com/xdmp/privileges/ amp-add-roles|privilege to assign additional roles to the amp|sec:amp-add-roles| |amp-change-database|http://marklogic.com/xdmp/privileges/ amp-change-database|privilege to assign additional roles to the amp|sec:amps-change-modulesdatabase| |amp-get-roles|http://marklogic.com/xdmp/privileges/ amp-get-roles|privilege to get the roles associated with the amp|sec:amp-get-roles| |amp-remove-roles|http://marklogic.com/xdmp/privileges/ amp-remove-roles|privilege to remove roles assigned to the amp|sec:amp-remove-roles|

Page 480

|amp-set-roles|http://marklogic.com/xdmp/privileges/ amp-set-roles|privilege to set the roles associated with the amp|sec-amp-set-roles| |any-collection|http://marklogic.com/xdmp/privileges/ any-collection|privilege to add to or remove from any collection, regardless of whether it is protected|xdmp:document-add-collecti ons, xdmp:document-remove-coll ections, xdmp:document-set-collectio ns| |any-transaction-locks|http://marklogic.com/xdmp/privileges/ any-transaction-locks|privilege to see URIs currently locked for read or write by a transaction.|xdmp:transaction-locks| |any-uri|http://marklogic.com/xdmp/privileges/ any-uri|privilege to create a document with any uri, regardless of whether the uri is protected|xdmp:document-insert, xdmp:document-load, xdmp:load| |app-builder|http://marklogic.com/xdmp/privileges/ app-builder|privilege to use the Application Builder UI

App Builder is no longer part of MarkLogic| | |appservices-cache-serverfields|http://marklogic.com/xdmp/privileges/ appservices-cache-server-fields| | |
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |cancel-any-requests|http://marklogic.com/xdmp/privileges/ cancel-any-requests|privilege to cancel requests issued by any user attempting to cancel a request|admin built-ins| |cancel-my-requests|http://marklogic.com/xdmp/privileges/ cancel-my-requests|privilege to cancel requests issued by the user attempting to cancel a request|admin built-ins| |clang:read|http://marklogic.com/xdmp/privileges/ custom-language-read|privilege to read custom language configuration specifications|clang:language-config-read| |clang:write|http://marklogic.com/xdmp/privileges/ custom-language-write|privilege to write custom language configuration specifications|clang:language-config-write| |collection-add-permissions|http://marklogic.com/xdmp/privileges/ collection-add-permissions|privilege to add permissions to a collection|sec:get-collections, sec:collection-add-permissio ns| |collection-get-permissions|http://marklogic.com/xdmp/privileges/ collection-get-permissions|privilege to get permissions on a collection|sec:collection-get-permissio ns| |collection-remove-permissi ons|http://marklogic.com/xdmp/privileges/ collection-remove-permissions|privilege to remove permissions from a collection|sec:get-collections, sec:collection-remove-permi ssions| |collection-set-permissions|http://marklogic.com/xdmp/privileges/ collection-set-permissions|privilege to set permissions on a collection|sec:get-collections, sec:collection-set-permission s| |compartment-get-roles|http://marklogic.com/xdmp/privileges/ compartment-get-roles|privilege to get roles on a compartment|sec:compartment-get-roles| |complete-any-transactions|http://marklogic.com/xdmp/privileges/ complete-any-transactions|privilege to use transaction built-ins for any transactions|xdmp:transaction-commit, xdmp:xa-complete| |complete-my-transactions|http://marklogic.com/xdmp/privileges/ complete-my-transactions|privilege to use transaction built-ins for transactions started by the current user|xdmp:transaction-commit, xdmp:xa-complete| |count-builtins|http://marklogic.com/xdmp/privileges/ counts|privilege to run xdmp:forest-counts|xdmp:forest-counts|

Page 481

|create-amp|http://marklogic.com/xdmp/privileges/ create-amp|privilege to create an amp|sec:create-amp|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |create-credential|http://marklogic.com/xdmp/privileges/ create-credential|privilege to create security credentials|sec:create-credential| |create-data-role|http://marklogic.com/xdmp/privileges/ create-data-role|privilege for non-admin users (with manage role) to create and manage roles| | |create-data-user|http://marklogic.com/xdmp/privileges/ create-data-user|privilege for non-admin users (with manage role) to create and manage users| | |create-domain|http://marklogic.com/xdmp/privileges/ create-domain|privilege to create domains|dom:create| |create-external-security|http://marklogic.com/xdmp/privileges/ create-external-security|privilege to create an external authentication configuration|sec:create-external-security| |create-pipeline|http://marklogic.com/xdmp/privileges/ create-pipeline|privilege to create a pipeline|p:insert p:create| |create-privilege|http://marklogic.com/xdmp/privileges/ create-privilege|privilege to create a privilege|sec:create-role| |create-role|http://marklogic.com/xdmp/privileges/ create-role|privilege to create a role|sec:create-role| |create-trigger|http://marklogic.com/xdmp/privileges/ create-trigger|privilege to create a trigger|trgr:create-trigger| |create-user|http://marklogic.com/xdmp/privileges/ create-user|privilege to create a user|sec:create-user| |credential-get-certificate|http://marklogic.com/xdmp/privileges/ credential-get-certificate|privilege to return the certificate for a credential|sec:credential-get-certificate| |credential-get-description|http://marklogic.com/xdmp/privileges/ credential-get-description|privilege to return the description of a credential|sec:credential-get-descriptio n| |credential-get-id|http://marklogic.com/xdmp/privileges/ credential-get-id|privilege to return the id of a credential|sec:credential-get-id| |credential-get-password|http://marklogic.com/xdmp/privileges/ credential-get-password|privilege to return the password for a credential|sec:credential-get-password|
|Name|Action URI|Description|Protects Function|

Page 482

|---|---|---|---| | | | | | |credential-get-permissions|http://marklogic.com/xdmp/privileges/ credential-get-permissions|privilege to return the permissions for a credential|sec:credential-get-permissio ns| |credential-get-private-key|http://marklogic.com/xdmp/privileges/ credential-get-private-key|privilege to return the private key for a credential|sec:credential-get-private-ke y| |credential-get-signing|http://marklogic.com/xdmp/privileges/ credential-get-signing|privilege to return the signing flag for a credential|sec:credential-get-signing| |credential-get-targets|http://marklogic.com/xdmp/privileges/ credential-get-targets|privilege to return the targets for a credential|sec:credential-get-targets| |credential-get-username|http://marklogic.com/xdmp/privileges/ credential-get-username|privilege to return the user name for a credential|sec:credential-get-username| |credential-set-certificate|http://marklogic.com/xdmp/privileges/ credential-set-certificate|privilege to update the certificate for a credential|sec:credential-set-certificate| |credential-set-description|http://marklogic.com/xdmp/privileges/ credential-set-description|privilege to update the description for a credential|sec:credential-set-descriptio n| |credential-set-name|http://marklogic.com/xdmp/privileges/ credential-set-name|privilege to update the name for a credential|sec:credential-set-name| |credential-set-password|http://marklogic.com/xdmp/privileges/ credential-set-password|privilege to update the password for a credential|sec:credential-set-password| |credential-set-permissions|http://marklogic.com/xdmp/privileges/ credential-set-permissions|privilege to update the permissions for a credential|sec:credential-set-permissio ns| |credential-set-signing|http://marklogic.com/xdmp/privileges/ credential-set-signing|privilege to update the signing flag for a credential|sec:credential-set-signing| |credential-set-targets|http://marklogic.com/xdmp/privileges/ credential-set-targets|privilege to update the targets for a credential|sec:credential-set-targets| |credential-set-username|http://marklogic.com/xdmp/privileges/ credential-set-username|privilege to update the user name for a credential|sec:credential-set-username| |credentials-get-aws|http://marklogic.com/xdmp/privileges/ credentials-get-aws|privilege to return the Amazon Web Services access key, secret key, and session token|sec:credentials-get-aws|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |credentials-set-aws|http://marklogic.com/xdmp/privileges/ credentials-set-aws|privilege to set the Amazon Web Services access key, secret key, and session token|sec:credentials-set-aws| |cts-write-dictionary|http://marklogic.com/xdmp/privileges/ cts-write-dictionary| | |

Page 483

|data-role-edit-|http://marklogic.com/xdmp/privileges/ data-role-edit-|internal privilege to edit a role created by non-admin user through create-data-role privilege| | |data-role-inherit-|http://marklogic.com/xdmp/privileges/ data-role-inherit-|internal privilege to inherit a role created by non-admin user through create-data-role privilege| | |data-user-edit-|http://marklogic.com/xdmp/privileges/ data-user-edit-|internal privilege to track and manage a user created by non-admin user through create-data-user privilege| | |database-node-query-roles ets|http://marklogic.com/xdmp/privileges/ database-node-query-rolesets|privilege to return a sequence of query-rolesets|xdmp:database-node-queryrolesets| |debug-any-requests|http://marklogic.com/xdmp/privileges/ debug-any-requests|privilege to debug all requests from any user|debug built-ins| |debug-my-requests|http://marklogic.com/xdmp/privileges/ debug-my-requests|privilege to debug your own requests|debug buit-ins| |dls-admin|http://marklogic.com/xdmp/privileges/ dls-admin|privilege to configure the Library Services|dls:break-checkout, dls:retention-rule, dls:retention-rule-insert, dls:retention-rule-remove|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |dls-user|http://marklogic.com/xdmp/privileges/ dls-user|privilege to use the Library Services|dls:as-of-query dls:author-query dls:document-add-collection s dls:document-add-permissio ns dls:document-add-properties dls:document-checkin dls:document-checkout dls:document-checkout-statu s dls:document-delete dls:document-extract-part dls:document-get-permission s dls:document-history dls:document-include-query dls:document-insert-and-ma nage dls:document-is-managed dls:document-manage dls:document-purge dls:document-remove-collect ions dls:document-remove-permi ssions dls:document-remove-proper ties dls:document-retention-rules dls:document-set-collections dls:document-set-permission s dls:document-set-properties dls:document-set-property dls:document-set-quality dls:document-unmanage dls:document-update dls:document-version dls:document-version-as-of dls:document-version-delete dls:document-version-query dls:document-version-uri dls:document-versions-query dls:documents-query dls:link-expand dls:link-references dls:node-expand dls:purge dls:retention-rules|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |ec2-http-protected|http://marklogic.com/xdmp/privileges/ ec2-http-protected| | | |environment-ui|http://marklogic.com/xdmp/privileges/ environment-ui| | | |external-security-clear-cac he|http://marklogic.com/xdmp/privileges/ external-security-clear-cache|privilege to clear the login cache in an external authorization configuration object|sec:external-security-clear-c ache| |external-security-get-authe ntication|http://marklogic.com/xdmp/privileges/ external-security-get-authentication|privilege to return the authentication protocol set in an external authorization configuration object|sec:external-security-get-aut hentication| |external-security-get-autho rization|http://marklogic.com/xdmp/privileges/ external-security-get-authorization|privilege to return the authorization scheme set in an external authorization configuration object|sec:external-security-get-aut horization|

Page 484

|external-security-get-cach e-timeout|http://marklogic.com/xdmp/privileges/ external-security-get-cache-timeout|privilege to return the login cache timeout set in an external authorization configuration object|sec:external-security-get-cac he-timeout| |external-security-get-descr iption|http://marklogic.com/xdmp/privileges/ external-security-get-description|privilege to return the description set in an external authorization configuration object|sec:external-security-get-des cription| |external-security-get-http-o ption|http://marklogic.com/xdmp/privileges/ external-security-get-http-option|privilege to return the http options set in an external authorization configuration object|sec:external-security-get-htt p-options| |external-security-get-ldapattribute|http://marklogic.com/xdmp/privileges/ external-security-get-ldap-attribute|privilege to return the LDAP attribute for user lookup set in an external authorization configuration object|sec:external-security-get-lda p-attribute| |external-security-get-ldapbase|http://marklogic.com/xdmp/privileges/ external-security-get-ldap-base|privilege to return the LDAP base for user lookup set in an external authorization configuration object|sec:external-security-get-lda p-base| |external-security-get-ldapbind-method|http://marklogic.com/xdmp/privileges/ external-security-get-ldap-bind-method|privilege to return the bind method set in an external authorization configuration object|sec:external-security-get-lda p-bind-method|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |external-security-get-ldapdefault-user|http://marklogic.com/xdmp/privileges/ external-security-get-ldap-default-user|privilege to return the default LDAP user name set in an external authorization configuration object|sec:external-security-get-lda p-default-user| |external-security-get-ldapmember-attribute|http://marklogic.com/xdmp/privileges/ external-security-get-ldap-member-attri bute|privilege to return the member attribute set in an external authorization configuration object|sec:external-security-get-lda p-member-attribute| |external-security-get-ldapmemberof-attribute|http://marklogic.com/xdmp/privileges/ external-security-get-ldap-memberof-att ribute|privilege to return the memberof attribute set in an external authorization configuration object|sec:external-security-get-lda p-memberof-attribute| |external-security-get-ldapserver-uri|http://marklogic.com/xdmp/privileges/ external-security-get-ldap-server-uri|privilege to return the LDAP server uri set in an external authorization configuration object|sec:external-security-get-lda p-server-uri| |external-security-get-samlattribute-names|http://marklogic.com/xdmp/privileges/ external-security-get-saml-attribute-nam es|privilege to return the SAML attribute names set in an external authorization configuration object|sec:external-security-get-sa ml-attribute-names| |external-security-get-samlentity-id|http://marklogic.com/xdmp/privileges/ external-security-get-saml-entity-id|privilege to return the SAML entity id set in an external authorization configuration object|sec:external-security-get-sa ml-entity-id| |external-security-get-samlprivilege-attribute-name|http://marklogic.com/xdmp/privileges/ external-security-get-saml-privilege-attri bute-name|privilege to return the SAML privilege attribute name set in an external authorization configuration object|sec:external-security-get-sa ml-privilege-attribute-name| |external-security-get-ssl-cli ent-certificate-authorities|http://marklogic.com/xdmp/privileges/ external-security-get-ssl-client-certificat e-authorities|privilege to return the external security's SSL client certificate authorities set in an external authorization configuration object|sec:external-security-get-sslclient-certificate-authorities| |external-security-get-ssl-re quire-client-certificate|http://marklogic.com/xdmp/privileges/ external-security-get-ssl-requier-client-c ertificate|privilege to return the external security's SSL require client certificate flag set in an external authorization configuration object|sec:external-security-get-sslrequire-client-certificate| |external-security-set-authe ntication|http://marklogic.com/xdmp/privileges/ external-security-set-authentication|privilege to set the authentication protocol in an external authorization configuration object|sec:external-security-set-aut hentication| |external-security-set-autho rization|authorization http://marklogic.com/ xdmp/privileges/ external-security-set-authorization|privilege to set the authorization scheme in an external authorization configuration object|sec:external-security-set-aut horization|

Page 485

|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |external-security-set-cache

-timeout|http://marklogic.com/xdmp/privileges/ external-security-set-cache-timeout|privilege to set the login cache timeout in an external authorization configuration object|sec:external-security-set-cac he-timeout| |external-security-set-descri ption|http://marklogic.com/xdmp/privileges/ external-security-set-description|privilege to set the description in an external authorization configuration object|sec:external-security-set-des cription| |external-security-set-http-o ptions|http://marklogic.com/xdmp/privileges/ external-security-set-http-options|privilege to set the http options in an external authorization configuration object|sec:external-security-set-http

-options| |external-security-set-ldapattribute|http://marklogic.com/xdmp/privileges/ external-security-set-ldap-attribute|privilege to set the LDAP attribute for user lookup in an external authorization configuration object|sec:external-security-set-lda p-attribute| |external-security-set-ldapbase|http://marklogic.com/xdmp/privileges/ external-security-set-ldap-base|privilege to set the LDAP base for user lookup in an external authorization configuration object|sec:external-security-set-lda p-base| |external-security-set-ldapbind-method|http://marklogic.com/xdmp/privileges/ external-security-set-ldap-bind-method|privilege to set the bind method in an external authorization configuration object|sec:external-security-set-lda p-bind-method| |external-security-set-ldapdefault-user|http://marklogic.com/xdmp/privileges/ external-security-set-ldap-default-user|privilege to set the default user name in an external authorization configuration object|sec:external-security-set-lda p-default-user| |external-security-set-ldapmember-attribute|http://marklogic.com/xdmp/privileges/ external-security-set-ldap-member-attri bute|privilege to set the member LDAP attribute in an external authorization configuration object|sec:external-security-set-lda p-member-attribute| |external-security-set-ldapmemberof-attribute|http://marklogic.com/xdmp/privileges/ external-security-set-ldap-memberof-att ribute|privilege to set the memberof LDAP attribute in an external authorization configuration object|sec:external-security-set-lda p-memberof-attribute| |external-security-set-ldappassword|http://marklogic.com/xdmp/privileges/ external-security-set-ldap-password|privilege to set the default user password in an external authorization configuration object|sec:external-security-set-lda p-password| |external-security-set-ldapserver-uri|http://marklogic.com/xdmp/privileges/ external-security-set-ldap-server-uri|privilege to set the LDAP server uri in an external authorization configuration object|sec:external-security-set-lda p-server-uri|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |external-security-set-name|http://marklogic.com/xdmp/privileges/ external-security-set-name|privilege to set the name of an external authorization configuration object|sec:external-security-set-na me| |external-security-set-samlattribute-names|http://marklogic.com/xdmp/privileges/ external-security-set-saml-attribute-nam es|privilege to set SAML attribute names used by other security objects to identify a SAML configuration|sec:external-security-set-sa ml-attribute-names| |external-security-set-samlentity-id|http://marklogic.com/xdmp/privileges/ external-security-set-saml-entity-id|privilege to set the SAML entity ID used by other security objects to identify a SAML configuration|sec:external-security-set-sa ml-entity-id|

Page 486

|external-security-set-samlprivilege-attribute-name|http://marklogic.com/xdmp/privileges/ external-security-set-saml-privilege-attri bute-name|privilege to set the SAML privilege attribute name in a SAML configuration|sec:external-security-set-sa ml-privilege-attribute-name| |external-security-set-ssl-cli ent-certificate-authorities|http://marklogic.com/xdmp/privileges/ external-security-set-ssl-client-certificat e-authorities|privilege to set the SSL client certificate authorities in an external authorization configuration object|sec:external-security-set-sslclient-certificate-authorities| |external-security-set-ssl-re quire-client-certificate|http://marklogic.com/xdmp/privileges/ external-security-set-ssl-requier-client-c ertificate|privilege to set the SSL require client certificate flag in an external authorization configuration object|sec:external-security-set-sslrequire-client-certificate| |flexrep-admin|http://marklogic.com/xdmp/privileges/ flexrep-admin|privilege to administer flexible replication|flexible replication functions| |flexrep-internal|http://marklogic.com/xdmp/privileges/ flexrep-internal|used for amping flexible replication functions|flexible-internal| |flexrep-user|http://marklogic.com/xdmp/privileges/ flexrep-user|privilege to use flexible replication|flexible replication user functions| |forget-any-xa-transactions|http://marklogic.com/xdmp/privileges/ forget-any-xa-transactions|privilege to run built-in to forget XA transactions for any transactions|xdmp:xa-forget, xdmp:xq-forget-xid| |forget-my-xa-transactions|http://marklogic.com/xdmp/privileges/ forget-my-xa-transactions|privilege to run built-in to forget XA transactions for the user’s transactions|xdmp:xa-forget, xdmp:xq-forget-xid| |get-amp|http://marklogic.com/xdmp/privileges/ get-amp|privilege to get an amp|sec:get-amp|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |get-an-admin-user-id|http://marklogic.com/xdmp/privileges/ get-an-admin-user-id|privilege to get an admin user id| | |get-appserver-logs|http://marklogic.com/xdmp/privileges/ logs/appserver|privilege to get App Server logs| | |get-compartments|http://marklogic.com/xdmp/privileges/ get-compartments|privilege to get a the compartments|sec:get-compartments| |get-credential|http://marklogic.com/xdmp/privileges/ get-credential|privilege to get a PEM encoded X509 certificate|sec:get-credential| |get-credential-by-id|http://marklogic.com/xdmp/privileges/ get-credential-by-id|privilege to get a PEM encoded X509 certificate| | |get-credential-ids|http://marklogic.com/xdmp/privileges/ get-credential-ids|privilege to get all of the credential IDs in the security database| | |get-credential-names|http://marklogic.com/xdmp/privileges/ get-credential-names|privilege to get all of the credential names in the security database| | |get-credentials-encoded-k ek|http://marklogic.com/xdmp/privileges/ get-credentials-encoded-kek| | | |get-logs|http://marklogic.com/xdmp/privileges/ logs|privilege to get logs| |

Page 487

|get-privilege|http://marklogic.com/xdmp/privileges/ get-privilege|privilege to get a privilege from action uri and type|sec:get-privilege| |get-role-ids|http://marklogic.com/xdmp/privileges/ get-role-ids|privilege to get role ids|internal functions| |get-role-names|http://marklogic.com/xdmp/privileges/ get-role-names|privilege to get role names|internal functions| |get-saml-entity-ids|http://marklogic.com/xdmp/privileges/ get-saml-entity-ids|privilege to get the SAML entity ids stored in the Security database|sec:get-saml-entity-ids| |get-system-logs|http://marklogic.com/xdmp/privileges/ logs/system|privilege to get system logs| | |get-taskserver-logs|http://marklogic.com/xdmp/privileges/ logs/taskserver|privilege to get taskserver logs| |
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |get-user-names|http://marklogic.com/xdmp/privileges/ get-user-names|privilege to get user names|sec:get-user-names| |grant-all-roles|http://marklogic.com/xdmp/privileges/ grant-all-roles|privilege to grant a user all roles. Either grant-all-roles or grant-my-roles would be needed by functions that assign roles.|sec:create-user, sec:user-set-roles, sec:user-add-roles, sec:user-remove-roles, sec:create-role, sec:role-set-roles, sec:role-add-roles, sec:role-remove-roles, sec:remove-role-from-roles, sec:remove-role-from-privile ges, sec:remove-role-from-amps, sec:create-role, sec:privilege-set-roles, sec:privilege-add-roles, sec:privilege-remove-roles, sec:create-amp, sec:amp-set-roles, sec:amp-add-roles, sec:amp-remove-roles| |grant-my-roles|http://marklogic.com/xdmp/privileges/ grant-my-roles|privilege to grant a user my roles. Either grant-all-roles or grant-my-roles would be needed by functions that assign roles.|sec:create-user, sec:user-set-roles, sec:user-add-roles, sec:user-remove-roles, sec:create-role, sec:role-set-roles, sec:role-add-roles, sec:role-remove-roles, sec:remove-role-from-roles, sec:remove-role-from-privile ges, sec:remove-role-from-amps, sec:create-role, sec:privilege-set-roles, sec:privilege-add-roles, sec:privilege-remove-roles, sec:create-amp, sec:amp-set-roles, sec:amp-add-roles, sec:amp-remove-roles|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |hadoop-user-read|http://marklogic.com/xdmp/privileges/ hadoop-user-read|privilege to use MarkLogic Server as an input for a Hadoop MapReduce job that reads data from MarkLogic Server.|Java APIs in the Hadoop package.| |hadoop-user-write|http://marklogic.com/xdmp/privileges/ hadoop-user-write|privilege to use MarkLogic Server as an input for a Hadoop MapReduce job that writes data from MarkLogic Server|Java APIs in the Hadoop package.| |healthcheck|http://marklogic.com/xdmp/privileges/ healthcheck|privilege to use the HealthCheck App Server| | |infostudio|http://marklogic.com/xdmp/privileges/ infostudio|privilege to use Information Studio Information Studio is no longer part of MarkLogic|Information Studio functions|

Page 488

|java|http://marklogic.com/xdmp/privileges/ java| | | |manage|http://marklogic.com/xdmp/privileges/ manage|privilege to run the Management API|For example non-admin users can use manage role plus create-data-role/ create-data-user granular privilege to manage roles/ users created by data users or granted. package:add-database, package:add-appserver, All of the resource addresses in the Management API| |manage-admin|http://marklogic.com/xdmp/privileges/ manage-admin|privilege to use the manage REST APIs| | |my-transaction-locks|http://marklogic.com/xdmp/privileges/ my-transaction-locks|privilege to return URIs currently locked for read or write by a transaction|xdmp:transaction-locks| |native-plugin|http://marklogic.com/xdmp/privileges/ native-plugin| | | |node-query-rolesets|http://marklogic.com/xdmp/privileges/ node-query-rolesets|privilege to return query-rolesets|xdmp:node-query-rolesets|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |odbc:eval|http://marklogic.com/xdmp/privileges/ odbc-eval|privilege to execute eval statements from odbc|xdmp:eval| |odbc:eval-in|http://marklogic.com/xdmp/privileges/ odbc-eval-in|privilege to execute eval-in statements from odbc|xdmp:eval-in| |odbc:eval-modules-change|http://marklogic.com/xdmp/privileges/ odbc-eval-modules-change|privilege to execute eval statements that change a modules database from odbc|xdmp:eval| |odbc:eval-modules-change

-file|http://marklogic.com/xdmp/privileges/ odbc-eval-modules-change-file|privilege to execute eval statements that change a filesystem root from odbc|xdmp:eval| |odbc:insert|http://marklogic.com/xdmp/privileges/ odbc-insert|privilege to execute insert statements from odbc|odbc inserts| |odbc:insert-in|http://marklogic.com/xdmp/privileges/ odbc-insert-in|privilege to execute insert statements from odbc|odbc inserts into another database| |odbc:invoke|http://marklogic.com/xdmp/privileges/ odbc-invoke|privilege to execute invoke statements from odbc|odbc invokes| |odbc:invoke-in|http://marklogic.com/xdmp/privileges/ odbc-invoke-in|privilege to execute invoke statements from odbc|odbc invokes into another database| |odbc:invoke-modules-chan ge|http://marklogic.com/xdmp/privileges/ odbc-invoke-modules-change|privilege to execute invoke statements that change a modules database from odbc|odbc invokes that change the modules database| |odbc:invoke-modules-chan ge-file|http://marklogic.com/xdmp/privileges/ odbc-invoke-modules-change-file|privilege to execute invoke statements that change a filesystem root from odbc|odbc invokes that change the filesystem root| |odbc:spawn|http://marklogic.com/xdmp/privileges/ odbc-spawn|privilege to execute spawn statements from odbc|odbc spawns| |odbc:spawn-in|http://marklogic.com/xdmp/privileges/ odbc-spawn-in|privilege to execute spawn statements from odbc|odbc spawns into another database|

Page 489

|odbc:spawn-modules-chan ge|http://marklogic.com/xdmp/privileges/ odbc-spawn-modules-change|privilege to execute spawn statements that change a modules database from odbc|odbc spawn that change the modules database|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |odbc:spawn-modules-chan ge-file|http://marklogic.com/xdmp/privileges/ odbc-spawn-modules-change-file|privilege to execute spawn statements that change a filesystem root from odbc|odbc spawn that change the filesystem root| |path-add-permissions|http://marklogic.com/xdmp/privileges/ path-add-permissions|privilege to add permissions for a protected path|sec:path-add-permissions| |path-get-permissions|http://marklogic.com/xdmp/privileges/ path-get-permissions|privilege to return permissions for a protected path|sec:path-get-permissions| |path-remove-permissions|http://marklogic.com/xdmp/privileges/ path-remove-permissions|privilege to remove permissions for a protected path|sec:path-remove-permission s| |path-set-permissions|http://marklogic.com/xdmp/privileges/ path-set-permissions|privilege to set permissions for a protected path|sec:path-set-permissions|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |pki|http://marklogic.com/xdmp/privileges/pki|privilege to use the PKI functions.|pki:create-template, pki:delete-certificate, pki:delete-template , pki:generate-certificate-requ est, pki:generate-template-certifi cate-authority , pki:generate-temporary-certif icate, pki:generate-temporary-certif icate-if-necessary, pki:get-certificate, pki:get-certificate-pem, pki:get-certificate-xml , pki:get-certificates, pki:get-certificates-for-templ ate , pki:get-certificates-for-templ ate-xml, pki:get-pending-certificate-re quest, pki:get-pending-certificate-re quests-pem , pki:get-pending-certificate-re quests-xml, pki:get-template, pki:get-template-by-name, pki:get-template-certificate-a uthority pki:get-template-ids, pki:get-trusted-certificate-ids, pki:insert-certificate-revocati on-list, pki:insert-signed-certificates, pki:insert-template, pki:insert-trusted-certificates, pki:is-temporary, pki:need-certificate, pki:template-get-description, pki:template-get-id, pki:template-get-key-options, pki:template-get-key-type, pki:template-get-name, pki:template-get-request, pki:template-get-version, pki:template-in-use, pki:template-set-description, pki:template-set-key-options, pki:template-set-key-type, pki:template-set-name, pki:template-set-request|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |plugin-register|http://marklogic.com/xdmp/privileges/ plugin-register|privilege to use the plugin API|plugin:register|

Page 490

|plugin-server-fields|http://marklogic.com/xdmp/privileges/ plugin-server-fields|privilege to use the plugin API|Used by the plugin API| |prepare-any-xa-transaction s|http://marklogic.com/xdmp/privileges/ prepare-any-xa-transactions|privilege to run built-in to prepare XA transactions for any transactions|xdmp:xa-prepare| |prepare-my-xa-transaction s|http://marklogic.com/xdmp/privileges/ prepare-my-xa-transactions|privilege to run built-in to prepare XA transactions for the user’s transactions|xdmp:xa-prepare| |privilege-add-roles|http://marklogic.com/xdmp/privileges/ privilege-add-roles|privilege to assign the privilege to additional roles|sec:privilege-add-roles| |privilege-get-roles|http://marklogic.com/xdmp/privileges/ privilege-get-roles|privilege to get all roles associated with a privilege|sec:privilege-get-roles| |privilege-remove-roles|http://marklogic.com/xdmp/privileges/ privilege-remove-roles|privilege to remove privilege from roles to which it is assigned|sec:privilege-remove-roles| |privilege-set-name|http://marklogic.com/xdmp/privileges/ privilege-set-name|privilege to set a privilege’s name|sec:privilege-set-name| |privilege-set-roles|http://marklogic.com/xdmp/privileges/ privilege-set-roles|privilege to set roles associated with a privilege|sec:privilege-set-roles| |profile-any-requests|http://marklogic.com/xdmp/privileges/ profile-any-requests|privilege to profile requests initiated by any user|prof:enable and other profile APIs| |profile-my-requests|http://marklogic.com/xdmp/privileges/ profile-my-requests|privilege to profile requests initiated by the user running the request from which profiling is called|prof:enable and other profile APIs| |protect-collection|http://marklogic.com/xdmp/privileges/ protect-collection|privilege to make a new or existing collection protected|sec:protect-collection| |protect-path|http://marklogic.com/xdmp/privileges/ protect-path|privilege to protect a path|sec:protect-path| |qconsole|http://marklogic.com/xdmp/privileges/ qconsole|privilege to run Query Console| |
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |redaction-user|http://marklogic.com/xdmp/privileges/ redaction-user|privilege to validate and set redaction rules|rdt:rule-validate rdt:redact| |remove-amp|http://marklogic.com/xdmp/privileges/ remove-amp|privilege to remove an amp from the security database|sec:remove-amp| |remove-credential|http://marklogic.com/xdmp/privileges/ remove-credential|privilege to remove credentials|sec:remove-credential| |remove-credential-by-id|http://marklogic.com/xdmp/privileges/ remove-credential-by-id|privilege to remove credentials|sec:remove-credential-by-id| |remove-external-security|http://marklogic.com/xdmp/privileges/ remove-external-security|privilege to remove external authentication configuration objects|sec:remove-external-security|

Page 491

|remove-path|http://marklogic.com/xdmp/privileges/ remove-path|privilege to remove protection from protected paths|sec:remove-path| |remove-privilege|http://marklogic.com/xdmp/privileges/ remove-privilege|privilege to remove a privilege from the security database|sec:remove-privilege| |remove-query-rolesets|http://marklogic.com/xdmp/privileges/ remove-query-rolesets|privilege to remove query rolesets from the Security database|sec:remove-query-rolesets| |remove-role|http://marklogic.com/xdmp/privileges/ remove-role|privilege to remove a role from the security database|sec:remove-role| |remove-role-from-amps|http://marklogic.com/xdmp/privileges/ remove-role-from-amps|privilege to remove a role from all amps in the security database|sec:remove-role-from-amps| |remove-role-from-privilege s|http://marklogic.com/xdmp/privileges/ remove-role-from-privileges|privilege to remove a role from all privileges in the security database|sec:remove-role-from-privile ges| |remove-role-from-roles|http://marklogic.com/xdmp/privileges/ remove-role-from-roles|privilege to remove a role from all roles in the security database|sec:remove-role-from-roles| |remove-role-from-users|http://marklogic.com/xdmp/privileges/ remove-role-from-users|privilege to remove a role from all users in the security database|sec:remove-role-from-users| |remove-user|http://marklogic.com/xdmp/privileges/ remove-user|privilege to remove a user from the security database|sec:remove-user| |rest-admin|http://marklogic.com/xdmp/privileges/ rest-admin|privilege to perform administrative tasks using the REST API|REST APIs|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |rest-reader|http://marklogic.com/xdmp/privileges/ rest-reader|privilege to perform read operations using the REST API|REST APIs| |rest-tracer|http://marklogic.com/xdmp/privileges/ rest-tracer| | | |rest-writer|http://marklogic.com/xdmp/privileges/ rest-writer|privilege to perform update tasks using the REST API|REST APIs| |role-add-roles|http://marklogic.com/xdmp/privileges/ role-add-roles|privilege to add roles to the roles of a specified role|sec:role-add-roles| |role-exists|http://marklogic.com/xdmp/privileges/ get-role|privilege to find out if a role exists|sec:role-exists| |role-get-compartment|http://marklogic.com/xdmp/privileges/ role-get-compartment|privilege to get a role’s compartment|sec:role-get-compartment| |role-get-default-collections|http://marklogic.com/xdmp/privileges/ role-get-default-collections|privilege to get a role’s default collections|sec:role-get-default-collectio ns| |role-get-default-permission s|http://marklogic.com/xdmp/privileges/ role-get-default-permissions|privilege to get a role’s default permissions|sec:role-get-default-permissi ons|

Page 492

|role-get-description|http://marklogic.com/xdmp/privileges/ role-get-description|privilege to get a role’s description|sec:role-get-description| |role-get-external-names|http://marklogic.com/xdmp/privileges/ role-get-external-names|privilege to get a role’s external LDAP group names|sec:role-get-external-names| |role-get-roles|http://marklogic.com/xdmp/privileges/ role-get-roles|privilege to get all the roles included in the specified role|sec:role-get-roles| |role-privileges|http://marklogic.com/xdmp/privileges/ role-privileges|privilege to get all the privileges for a given role|sec:role-privileges| |role-remove-roles|http://marklogic.com/xdmp/privileges/ role-remove-roles|privilege to remove roles from the roles of a specified role|sec:role-remove-roles| |role-set-default-collections|http://marklogic.com/xdmp/privileges/ role-set-default-collections|privilege to set a role’s default collections|sec:role-set-default-collectio ns| |role-set-default-permission s|http://marklogic.com/xdmp/privileges/ role-set-default-permissions|privilege to set a role’s default permissions|sec:role-set-default-permissi ons|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |role-set-description|http://marklogic.com/xdmp/privileges/ role-set-description|privilege to set a role’s name|sec:role-set-description| |role-set-external-names|http://marklogic.com/xdmp/privileges/ role-set-external-names|privilege to set external LDAP distinguished names for a role|sec:role-set-external-names| |role-set-name|http://marklogic.com/xdmp/privileges/ role-set-name|privilege to change a role’s name|sec:role-set-name| |role-set-roles|http://marklogic.com/xdmp/privileges/ role-set-roles|privilege to change all the roles in the specified role|sec:role-set-roles| |saml-entity-delete|http://marklogic.com/xdmp/privileges/ saml-entity-delete|privilege to delete a SAML entity|sec:saml-entity-delete| |saml-entity-insert|http://marklogic.com/xdmp/privileges/ saml-entity-insert|privilege to insert a SAML entity into the Security database|sec:saml-entity-insert| |sem:sparql|http://marklogic.com/xdmp/privileges/ sem-sparql|privilege to run a sparql query|sem:sparql| |sem:sparql-update|http://marklogic.com/xdmp/privileges/ sem-sparql-update|privilege to run a sparql update|sem:sparql-update| |set-any-time-limit|http://marklogic.com/xdmp/privileges/ xdmp-set-request-time-limit-any|privilege to change the request time limit|xdmp:set-request-time-limit| |set-any-transaction-name|http://marklogic.com/xdmp/privileges/ xdmp-set-transaction-name-any|privilege to set a name for any transaction|xdmp:set-transaction-name| |set-any-transaction-time-li mit|http://marklogic.com/xdmp/privileges/ xdmp-set-transaction-time-limit-any|privilege to set a time limit for any transaction|xdmp:set-transaction-time-li mit|

Page 493

|set-my-time-limit|http://marklogic.com/xdmp/privileges/ xdmp-set-request-time-limit-my|privilege to change the request time limit|xdmp:set-request-time-limit| |set-my-transaction-name|http://marklogic.com/xdmp/privileges/ xdmp-set-transaction-name-my|privilege to set a name for the user’s transactions|xdmp:set-transaction-name| |set-my-transaction-time-li mit|http://marklogic.com/xdmp/privileges/ xdmp-set-transaction-time-limit-my|privilege to set a time limit for the user’s transactions|xdmp:set-transaction-time-li mit| |status-builtins|http://marklogic.com/xdmp/privileges/ status|privilege to access the status built-ins|status built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |switch-task-user|http://marklogic.com/xdmp/privileges/ switch-task-user|privilege for setting the task-user if it is not the current user| | |temporal-admin|http://marklogic.com/xdmp/privileges/ temporal-admin|privilege to execute temporal admin functions|All temporal admin functions| |temporal-internal|http://marklogic.com/xdmp/privileges/ temporal-internal|internal temporal privilege| | |temporal-document-protect|http://marklogic.com/xdmp/privileges/ temporal-document-protect|privilege to protect a temporal document from certain temporal operations for a period of time|temporal:document-protect| |temporal:document-wipe|http://marklogic.com/xdmp/privileges/ temporal-document-wipe|privilege to delete all versions of a temporal document|temporal:document-wipe| |temporal:set-lsqt-automati on|http://marklogic.com/xdmp/privileges/ temporal-set-lsqt-automation|privilege to set Last Stable Query Time (LSQT) management to automatic|temporal:set-lsqt-automation| |temporal:set-use-lsqt|http://marklogic.com/xdmp/privileges/ temporal-set-use-lsqt|privilege to enable or disable the use of LSQT (Last Stable Query Time) on temporal collections|temporal:set-use-lsqt| |temporal:statement-set-sy stem-time|http://marklogic.com/xdmp/privileges/ temporal-statement-set-system-time|privilege to set the system start time on temporal documents|temporal:statement-set-syst em-time| |term-query|http://marklogic.com/xdmp/privileges/ term-query| |cts:term-query| |database-create-sub-datab ase|http://marklogic.com/xdmp/privileges/ database-create-sub-database|privilege to create sub databases|tieredstorage:database-creat e-sub-database| |database-create-super-dat abase|http://marklogic.com/xdmp/privileges/ database-create-super-database|privilege to create super databases|tieredstorage:database-creat e-super-database| |database-delete-sub-datab ase|http://marklogic.com/xdmp/privileges/ database-delete-sub-database|privilege to delete sub databases|tieredstorage:database-delet e-sub-database| |database-delete-super-dat abase|http://marklogic.com/xdmp/privileges/ database-delete-super-database|privilege to delete super databases|tieredstorage:database-delet e-super-database| |database-partition-number s|http://marklogic.com/xdmp/privileges/ database-partition-numbers|privilege to return the partition numbers of the forests in a database|tieredstorage:database-partit ion-numbers|

Page 494

|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |database-partitions|http://marklogic.com/xdmp/privileges/ database-partitions|privilege to return the names of the partitions in a database|tieredstorage:database-partit ions| |forest-combine|http://marklogic.com/xdmp/privileges/ forest-combine|privilege to combine data in multiple forests into one new forest|tieredstorage:forest-combine| |forest-migrate|http://marklogic.com/xdmp/privileges/ forest-migrate|privilege to move data in a forest to new data directories|tieredstorage:forest-migrate| |partition-create|http://marklogic.com/xdmp/privileges/ partition-create|privilege to create a query partition|tieredstorage:query-partitioncreate| |partition-delete|http://marklogic.com/xdmp/privileges/ partition-delete|privilege to delete a query partition|tieredstorage:partition-delete| |partition-delete-query|http://marklogic.com/xdmp/privileges/ partition-delete-query|privilege to delete a query from a partition|tieredstorage:partition-delete

-query| |partition-forests|http://marklogic.com/xdmp/privileges/ partition-forests|privilege to returns ids of the forests in a query partition|tieredstorage:partition-forest s| |partition-get-exclusion-ena bled|http://marklogic.com/xdmp/privileges/ partition-get-exclusion-enabled|privilege to return the safe-to-exclude setting for a database|tieredstorage:partition-get-ex clusion-enabled| |partition-get-query|http://marklogic.com/xdmp/privileges/ partition-get-query|privilege to return the query of a partition|tieredstorage:partition-get-qu ery| |partition-migrate|http://marklogic.com/xdmp/privileges/ partition-migrate|privilege to migrate forests in a partition to a data directory and hosts|tieredstorage:partition-migrat e| |partition-number-forests|http://marklogic.com/xdmp/privileges/ partition-number-forests|privilege to return the IDs of the forests associated with a partition|tieredstorage:partition-numb er-forests| |partition-queries|http://marklogic.com/xdmp/privileges/ partition-queries|privilege to return the queries in a schema database|tieredstorage:partition-querie s| |partition-resize|http://marklogic.com/xdmp/privileges/ partition-resize|privilege to create or combine forests in a partition|tieredstorage:partition-resize| |partition-set-availability|http://marklogic.com/xdmp/privileges/ partition-set-availability|privilege to set the availability of the partition|tieredstorage:partition-set-av ailability| |partition-set-exclusion-ena bled|http://marklogic.com/xdmp/privileges/ partition-set-exclusion-enabled|privilege to exclude a query partition from being searched if the search query does not match the query assignment policy set for the partition|tieredstorage:partition-set-ex clusion-enabled| |partition-set-query|http://marklogic.com/xdmp/privileges/ partition-set-query|privilege to set the query for a partition|tieredstorage:partition-set-qu ery| |partition-set-updates-allow ed|http://marklogic.com/xdmp/privileges/ partition-set-updates-allowed|privilege to set update-allowed state for the forests in a partition|tieredstorage:partition-set-up dates-allowed| |partition-transfer|http://marklogic.com/xdmp/privileges/ partition-transfer|privilege to transfer a partition from one database to another|tieredstorage:partition-transf er|

Page 495

|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |unprotect-collection|http://marklogic.com/xdmp/privileges/ unprotect-collection|privilege to change roles for a collection|xdmp:document-add-collecti ons, xdmp:document-remove-coll ections, xdmp:document-set-collectio ns| |unprotect-path|http://marklogic.com/xdmp/privileges/ unprotect-path|privilege to remove a protection from a protected path|sec:unprotect-path| |unprotected-collections|http://marklogic.com/xdmp/privileges/ unprotected-collections|privilege to add to or remove from collections that are unprotected|xdmp:document-add-collecti ons, xdmp:document-remove-coll ections, xdmp:document-set-collectio ns| |unprotected-uri|http://marklogic.com/xdmp/privileges/ unprotected-uri|privilege to create document with uri’s that are unprotected|xdmp:document-insert, xdmp:load| |user-add-roles|http://marklogic.com/xdmp/privileges/ user-add-roles|privilege to add roles to a user|sec:user-add-roles| |user-exists|http://marklogic.com/xdmp/privileges/ get-user|privilege to check if a user exists in the security database|sec:user-exists| |user-get-default-collections|http://marklogic.com/xdmp/privileges/ user-gt-default-collections|privilege to get a user’s default collections|sec:user-get-default-collectio ns| |user-get-default-permissio ns|http://marklogic.com/xdmp/privileges/ user-get-default-permissions|privilege to get user’s default permissions|sec:user-get-default-permiss ions| |user-get-description|http://marklogic.com/xdmp/privileges/ user-get-description|privilege to get user’s description|sec:user-get-description (if not logged in as user)| |user-get-external-names|http://marklogic.com/xdmp/privileges/ user-get-external-names|privilege to get the external LDAP group names assigned to a user|sec:user-get-external-names| |user-get-password-extra|http://marklogic.com/xdmp/privileges/ user-get-password-extra|privilege to get the password-extra element from the user document|sec:user-get-password-extra| |user-get-roles|http://marklogic.com/xdmp/privileges/ user-get-roles|privilege to get user’s roles|sec:user-get-roles (if not logged in as user)| |user-privileges|http://marklogic.com/xdmp/privileges/ user-privileges|privilege to get a user’s complete privileges|sec:user-privileges (if not logged in as user)| |user-remove-roles|http://marklogic.com/xdmp/privileges/ user-remove-roles|privilege to remove roles from a user|sec:user-remove-roles| |user-set-default-collections|http://marklogic.com/xdmp/privileges/ user-set-default-collections|privilege to set a user’s default collections|sec:user-set-default-collectio ns| |user-set-default-permissio ns|http://marklogic.com/xdmp/privileges/ user-set-default-permissions|privilege to set a user’s default permissions|sec:user-set-default-permissi ons| |user-set-description|http://marklogic.com/xdmp/privileges/ user-set-description|privilege to set a user’s description|sec:user-set-description ( if not logged in as user)| |user-set-external-names|http://marklogic.com/xdmp/privileges/ user-set-external-names|privilege to set the external names for a user|sec:user-set-external-names|

Page 496

|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |user-set-name|http://marklogic.com/xdmp/privileges/ user-set-name|privilege to set a user’s name|sec:user-set-name (if not logged in as user)| |user-set-password|http://marklogic.com/xdmp/privileges/ user-set-password|privilege to set user’s password|sec:user-set-password ( if not logged in as user)| |user-set-password-extra|http://marklogic.com/xdmp/privileges/ user-set-password-extra|privilege to set the password-extra element in the user document|sec:user-set-password-extra| |user-set-roles|http://marklogic.com/xdmp/privileges/ user-set-roles|privilege to set a user’s role|sec:user-set-roles| |view-create|http://marklogic.com/xdmp/privileges/ create-view|privilege to create a view|view:create| |view-schema-create|http://marklogic.com/xdmp/privileges/ create-schema|privilege to create a relational schema|view:schema-create| |xdbc-eval|http://marklogic.com/xdmp/privileges/ xdbc-eval|privilege to execute eval statements from xcc or xdbc|xdmp:eval| |xdbc-eval-in|http://marklogic.com/xdmp/privileges/ xdbc-eval-in|privilege to execute eval-in statements from xcc or xdbc|xdmp:eval-in| |xdbc-eval-modules-change|http://marklogic.com/xdmp/privileges/ xdbc-eval-modules-change|privilege to execute eval statements that change a modules database from xcc or xdbc|xdmp:eval| |xdbc-eval-modules-change

-file|http://marklogic.com/xdmp/privileges/ xdbc-eval-modules-change-file|privilege to execute eval statements that change a filesystem root from xcc or xdbc|xdmp:eval| |xdbc-insert|http://marklogic.com/xdmp/privileges/ xdbc-insert-in|privilege to execute insert statements from xcc or xdbc|xcc or xdbc inserts| |xdbc-insert-in|http://marklogic.com/xdmp/privileges/ xdbc-insert-in|privilege to execute insert statements from xcc or xdbc|xdbc or xcc inserts into another database| |xdbc-invoke|http://marklogic.com/xdmp/privileges/ xdbc-invoke|privilege to execute invoke statements from xcc or xdbc|xdbc or xcc invokes| |xdbc-invoke-in|http://marklogic.com/xdmp/privileges/ xdbc-invoke-in|privilege to execute invoke statements from xcc or xdbc|xdbc or xcc invokes into another database| |xdbc-invoke-modules-chan ge|http://marklogic.com/xdmp/privileges/ xdbc-invoke-modules-change|privilege to execute invoke statements that change a modules database from xcc or xdbc|xdbc or xcc invokes that change the modules database| |xdbc-invoke-modules-chan ge-file|http://marklogic.com/xdmp/privileges/ xdbc-invoke-modules-change-file|privilege to execute invoke statements that change a filesystem root from xcc or xdbc|xdbc or xcc invokes that change the filesystem root| |xdbc-spawn|http://marklogic.com/xdmp/privileges/ xdbc-spawn|privilege to execute spawn statements from xcc or xdbc|xdbc or xcc spawns| |xdbc-spawn-in|http://marklogic.com/xdmp/privileges/ xdbc-spawn-in|privilege to execute spawn statements from xcc or xdbc|xdbc or xcc spawns into another database|

Page 497

|xdbc-spawn-modules-chan ge|http://marklogic.com/xdmp/privileges/ xdbc-spawn-modules-change|privilege to execute spawn statements that change a modules database from xcc or xdbc|xdbc or xcc spawn that change the modules database|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdbc-spawn-modules-chan ge-file|http://marklogic.com/xdmp/privileges/ xdbc-spawn-modules-change-file|privilege to execute spawn statements that change a filesystem root from xcc or xdbc|xdbc or xcc spawn that change the filesystem root| |xdmp-add-response-heade r|http://marklogic.com/xdmp/privileges/ xdmp-add-response-header|privilege to use the function that adds a response header to a request functions.|admin built-ins, alert-user| |xdmp-address-bindable|http://marklogic.com/xdmp/privileges/ xdmp-address-bindable|privilege to perform admin functions.|admin built-ins| |xdmp-alert-admin|http://marklogic.com/xdmp/privileges/ xdmp-alert-admin|privilege to perform alerting admin functions.|xdmp:alert-admin| |xdmp-alert-internal|http://marklogic.com/xdmp/privileges/ xdmp-alert-internal|privilege used by the Alerting API functions.|xdmp:alert-internal| |xdmp-alert-user|http://marklogic.com/xdmp/privileges/ xdmp-alert-user|privilege to perform user-level Alerting functions.|xdmp:alert-user, xdmp:alert-admin| |xdmp-amp-roles|http://marklogic.com/xdmp/privileges/ xdmp-amp-roles|privilege to get an amp’s roles|xdmp:amp-roles| |xdmp-binary-join|http://marklogic.com/xdmp/privileges/ xdmp-binary-join|privilege to run the binary-join built-n|xdmp:binary-join| |xdmp-compressed-tree-ca che-partitions|http://marklogic.com/xdmp/privileges/ xdmp-compressed-tree-cache-partitions|privilege to perform admin functions|admin built-ins| |xdmp-compressed-tree-ca che-size|http://marklogic.com/xdmp/privileges/ xdmp-compressed-tree-cache-size|privilege to perform admin functions|admin built-ins| |xdmp-data-directory|http://marklogic.com/xdmp/privileges/ xdmp-data-directory|privilege to access the data directory|admin built-ins| |xdmp-database-backup|http://marklogic.com/xdmp/privileges/ xdmp-database-backup|privilege to perform a database backup|admin built-ins| |xdmp-database-backup-ca ncel|http://marklogic.com/xdmp/privileges/ xdmp-database-backup-cancel|privilege to cancel a database backup|admin built-ins| |xdmp-database-backup-pu rge|http://marklogic.com/xdmp/privileges/ xdmp-database-backup-purge|privilege to get purge a database backup|admin built-ins| |xdmp-database-backup-st atus|http://marklogic.com/xdmp/privileges/ xdmp-database-backup-status|privilege to get status for a database backup|admin built-ins| |xdmp-database-backup-va lidate|http://marklogic.com/xdmp/privileges/ xdmp-database-backup-validate|privilege to validate a database backup|admin built-ins| |xdmp-database-create-sub

-database|http://marklogic.com/xdmp/privileges/ xdmp-database-create-sub-database|privilege to create a sub database|tieredstorage:database-creat e-sub-database|

Page 498

|xdmp-database-create-sup er-database|http://marklogic.com/xdmp/privileges/ xdmp-database-create-super-database|privilege to create a super database|tieredstorage:database-creat e-super-database| |xdmp-database-delete-sub

-database|http://marklogic.com/xdmp/privileges/ xdmp-database-delete-sub-database|privilege to delete a sub database|tieredstorage:database-delet e-sub-database| |xdmp-database-delete-sup er-database|http://marklogic.com/xdmp/privileges/ xdmp-database-delete-super-database|privilege to delete a super database|tieredstorage:database-delet e-super-database|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-database-increment al-backup|http://marklogic.com/xdmp/privileges/ xdmp-database-incremental-backup|privilege to validate if forests can be incrementally backed up|xdmp:database-incrementalbackup| |xdmp-database-increment al-backup-validate|http://marklogic.com/xdmp/privileges/ xdmp-database-incremental-backup-val idate|privilege to start an incremental backup of forests|xdmp:database-incrementalbackup-validate| |xdmp-database-restore|http://marklogic.com/xdmp/privileges/ xdmp-database-restore|privilege to perform a database restore|admin built-ins| |xdmp-database-restore-ca ncel|http://marklogic.com/xdmp/privileges/ xdmp-database-backup|privilege to cancel a database restore|admin built-ins| |xdmp-database-restore-sta tus|http://marklogic.com/xdmp/privileges/ xdmp-database-restore-status|privilege to get status for a database restore|admin built-ins| |xdmp-database-restore-val idate|http://marklogic.com/xdmp/privileges/ xdmp-database-restore-validate|privilege to validate a database restore|admin built-ins| |xdmp-default-in-memory-g eospatial-region-index-size|http://marklogic.com/xdmp/privileges/ xdmp-default-in-memory-geospatial-regi on-index-size|privilege to perform admin functions.|admin built-ins| |xdmp-default-in-memory-li mit|http://marklogic.com/xdmp/privileges/ xdmp-default-in-memory-limit|privilege to perform admin functions.|admin built-ins| |xdmp-default-in-memory-li st-size|http://marklogic.com/xdmp/privileges/ xdmp-default-in-memory-list-size|privilege to perform admin functions.|admin built-ins| |xdmp-default-in-memory-r angeindex-size|http://marklogic.com/xdmp/privileges/ xdmp-default-in-memory-range-index-si ze|privilege to perform admin functions|admin built-ins| |xdmp-default-in-memory-r everse-index-size|http://marklogic.com/xdmp/privileges/ xdmp-default-in-memory-reverse-indexsize|privilege to perform admin functions|admin built-ins| |xdmp-default-in-memory-tr ee-size|http://marklogic.com/xdmp/privileges/ xdmp-default-in-memory-tree-size|privilege to perform admin functions|admin built-ins| |xdmp-default-in-memory-tri ple-index-size|http://marklogic.com/xdmp/privileges/ xdmp-default-in-memory-triple-index-siz e|privilege to perform admin functions.|admin built-ins| |xdmp-default-journal-count|http://marklogic.com/xdmp/privileges/ xdmp-default-journal-count|privilege to perform admin functions.|admin built-ins| |xdmp-default-journal-size|http://marklogic.com/xdmp/privileges/ xdmp-default-journal-size|privilege to perform admin functions.|admin built-ins|

Page 499

|xdmp-default-preallocate-j ournals|http://marklogic.com/xdmp/privileges/ xdmp-default-preallocate-journals|privilege to perform admin functions.|admin built-ins| |xdmp-default-s3-domain|http://marklogic.com/xdmp/privileges/ xdmp-default-s3-domain|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file|privilege to perform admin functions|admin built-ins| |xdmp-delete-cluster-config

-file-assignments|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ assignments.xml|privilege to perform admin functions.|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-delete-cluster-config

-file-ca-bundle|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ ca-bundle.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-calendars|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ calendars.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-clusters|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ clusters.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-countries|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ countries.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-databases|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ databases.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-dtfmt-langauges|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ dtfmt-languages.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-groups|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ groups.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-hosts|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ hosts.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-keystore|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ keystore.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-languages|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ languages.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-mimetypes|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ mimetypes.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-security|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ security.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-server|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ server.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-cluster-config

-file-tokenizer|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ tokenizer.xml|privilege to perform admin functions.|admin built-ins|

Page 500

|xdmp-delete-cluster-config

-file-user-languages|http://marklogic.com/xdmp/privileges/ xdmp-delete-cluster-config-file/ user-languages.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file|privilege to perform admin functions|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-delete-host-config-fil e-assignments|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ assignments.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-ca-bundle|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ ca-bundle.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-calendars|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ calendars.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-clusters|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ clusters.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-countries|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ countries.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-databases|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ databases.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-dtfmt-langauges|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ dtfmt-languages.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-groups|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/groups.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-hosts|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/hosts.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-keystore|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ keystore.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-languages|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ languages.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-mimetypes|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ mimetypes.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-security|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ security.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-server|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/server.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-tokenizer|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ tokenizer.xml|privilege to perform admin functions.|admin built-ins| |xdmp-delete-host-config-fil e-user-languages|http://marklogic.com/xdmp/privileges/ xdmp-delete-host-config-file/ user-languages.xml|privilege to perform admin functions.|admin built-ins|

Page 501

|xdmp-disable-event|http://marklogic.com/xdmp/privileges/ xdmp-disable-event|privilege to perform admin functions|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-document-get|http://marklogic.com/xdmp/privileges/ xdmp-document-get|privilege to execute function|xdmp:document-get| |xdmp-document-load|http://marklogic.com/xdmp/privileges/ xdmp-document-load|privilege to execute function|xdmp:document-load| |xdmp-email|http://marklogic.com/xdmp/privileges/ xdmp-email|privilege to email|xdmp:email| |xdmp-email-address|http://marklogic.com/xdmp/privileges/ xdmp-email-address|privilege to perform admin functions|admin built-ins| |xdmp-enable-event|http://marklogic.com/xdmp/privileges/ xdmp-enable-event|privilege to perform admin functions|admin built-ins| |xdmp-eval|http://marklogic.com/xdmp/privileges/ xdmp-eval|privilege to perform eval functions|xdmp:eval| |xdmp-eval-in|http://marklogic.com/xdmp/privileges/ xdmp-eval-in|privilege to perform eval-in functions|xdmp:eval-in| |xdmp-eval-modules-chang e|http://marklogic.com/xdmp/privileges/ xdmp-eval-modules-change|privilege to execute eval statements that change a modules database|xdmp:eval statements that change the modules database| |xdmp-eval-modules-chang e-file|http://marklogic.com/xdmp/privileges/ xdmp-eval-modules-change-file|privilege to execute eval statements that change a filesystem root|xdmp:eval statements that change the filesystem root| |xdmp-eval-transaction|http://marklogic.com/xdmp/privileges/ xdmp-eval-transaction|privilege to run eval statements with the transaction option|xdmp:eval statements that start a new transaction| |xdmp-expanded-tree-cach e-partitions|http://marklogic.com/xdmp/privileges/ xdmp-expanded-tree-cache-partitions|privilege to perform admin functions|admin built-ins| |xdmp-expanded-tree-cach e-size|http://marklogic.com/xdmp/privileges/ xdmp-expanded-tree-cache-size|privilege to perform admin functions|admin built-ins| |xdmp-external-binary|http://marklogic.com/xdmp/privileges/ xdmp-external-binary|privilege to access external binary function|xdmp:external-binary| |xdmp-filesystem-directory|http://marklogic.com/xdmp/privileges/ xdmp-filesystem-directory|privilege to run the built-in|xdmp:filesystem-directory| |xdmp-filesystem-directorycreate|http://marklogic.com/xdmp/privileges/ xdmp-filesystem-directory-create|privilege to perform admin functions|admin built-ins| |xdmp-filesystem-directorydelete|http://marklogic.com/xdmp/privileges/ xdmp-filesystem-directory-delete|privilege to perform admin functions.|admin built-ins| |xdmp-filesystem-file|http://marklogic.com/xdmp/privileges/ xdmp-filesystem-file|privilege to perform admin functions|xdmp:filesystem-file|

Page 502

|xdmp-filesystem-file-delete|http://marklogic.com/xdmp/privileges/ xdmp-filesystem-file-delete|privilege to perform admin functions.|admin built-ins| |xdmp-filesystem-file-exists|http://marklogic.com/xdmp/privileges/ xdmp-filesystem-file-exists|privilege to run the built-in|xdmp:filesystem-file-exists| |xdmp-filesystem-file-get-ti me|http://marklogic.com/xdmp/privileges/ xdmp-filesystem-file-get-time|privilege to perform admin functions.|xdmp:filesystem-file-get-time|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-filesystem-file-length|http://marklogic.com/xdmp/privileges/ xdmp-filesystem-file-length|privilege to run the built-in|xdmp:filesystem-file-length| |xdmp-forest-backup|http://marklogic.com/xdmp/privileges/ xdmp-forest-backup|privilege to perform admin functions|admin built-ins| |xdmp-forest-clear|http://marklogic.com/xdmp/privileges/ xdmp-forest-clear|privilege to perform admin functions|admin built-ins| |xdmp-forest-combine|http://marklogic.com/xdmp/privileges/ xdmp-forest-combine|privilege to perform admin functions|admin built-in| |xdmp-forest-copy|http://marklogic.com/xdmp/privileges/ xdmp-forest-copy|privilege to perform admin functions|admin built-in| |xdmp-forest-delete|http://marklogic.com/xdmp/privileges/ xdmp-forest-delete|privilege to perform admin functions|admin built-ins| |xdmp-forest-directory-delet e|http://marklogic.com/xdmp/privileges/ xdmp-forest-directory-delete|privilege to perform admin functions|admin built-in| |xdmp-forest-directory-exist s|http://marklogic.com/xdmp/privileges/ xdmp-forest-directory-exists|privilege to perform admin functions|admin built-in| |xdmp-forest-get-readonly|http://marklogic.com/xdmp/privileges/ xdmp-forest-get-readonly|privilege to perform admin functions|admin built-in| |xdmp-forest-rename|http://marklogic.com/xdmp/privileges/ xdmp-forest-rename|privilege to perform admin functions|admin built-in| |xdmp-forest-restart|http://marklogic.com/xdmp/privileges/ xdmp-forest-restart|privilege to perform admin functions|admin built-ins| |xdmp-forest-restore|http://marklogic.com/xdmp/privileges/ xdmp-forest-restore|privilege to perform admin functions|admin built-ins| |xdmp-forest-rollback|http://marklogic.com/xdmp/privileges/ xdmp-forest-rollback|privilege to perform admin functions|admin built-ins| |xdmp-forest-set-readonly|http://marklogic.com/xdmp/privileges/ xdmp-forest-set-readonly|privilege to perform admin functions|admin built-in| |xdmp-get|http://marklogic.com/xdmp/privileges/ xdmp-get|privilege to get a document into memory|xdmp:get|

Page 503

|xdmp-get-forest-keys|http://marklogic.com/xdmp/privileges/ xdmp-get-forest-keys|privilege to perform admin functions|admin built-ins| |xdmp-get-hot-updates|http://marklogic.com/xdmp/privileges/ xdmp-get-hot-updates|privilege to perform admin functions|admin built-ins| |xdmp-get-orphaned-binari es|http://marklogic.com/xdmp/privileges/ xdmp-get-orphaned-binaries|privilege to run the built-in|xdmp:get-orphaned-binaries| |xdmp-get-server-field|http://marklogic.com/xdmp/privileges/ xdmp-get-server-field|privilege to get server fields|xdmp:get-server-field| |xdmp-get-server-field-nam es|http://marklogic.com/xdmp/privileges/ xdmp-get-server-field-names|privilege to get server fields names|xdmp:get-server-field-names| |xdmp-get-session-field|http://marklogic.com/xdmp/privileges/ xdmp-get-session-field|privilege to get session fields|xdmp:get-session-field|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-get-session-field-na mes|http://marklogic.com/xdmp/privileges/ xdmp-get-session-field-names|privilege to get session field names|xdmp:get-session-field-name s| |xdmp-getenv|http://marklogic.com/xdmp/privileges/ xdmp-getenv|privilege to perform admin function|admin built-ins| |xdmp-host-cores|http://marklogic.com/xdmp/privileges/ xdmp-host-cores|privilege to perform admin functions|admin built-ins| |xdmp-host-cpus|http://marklogic.com/xdmp/privileges/ xdmp-host-cpus|privilege to perform admin functions|admin built-ins| |xdmp-host-size|http://marklogic.com/xdmp/privileges/ xdmp-host-size|privilege to perform admin functions|admin built-ins| |xdmp-hostname|http://marklogic.com/xdmp/privileges/ xdmp-hostname|privilege to perform admin functions|admin built-ins| |xdmp-http-get|http://marklogic.com/xdmp/privileges/ xdmp-http-get|privilege to perform http function|xdmp:http-get| |xdmp-http-head|http://marklogic.com/xdmp/privileges/ xdmp-http-head|privilege to perform http function|xdmp:http-head| |xdmp-http-options|http://marklogic.com/xdmp/privileges/ xdmp-http-options|privilege to perform http function|xdmp:http-options| |xdmp-http-delete|http://marklogic.com/xdmp/privileges/ xdmp-http-delete|privilege to perform http function|xdmp:http-delete| |xdmp-http-post|http://marklogic.com/xdmp/privileges/ xdmp-http-post|privilege to perform http function|xdmp:http-post| |xdmp-http-put|http://marklogic.com/xdmp/privileges/ xdmp-http-put|privilege to perform http function|xdmp:http-put|

Page 504

|xdmp-install-directory|http://marklogic.com/xdmp/privileges/ xdmp-install-directory|privilege to access the installation directory|admin built-ins| |xdmp-invoke|http://marklogic.com/xdmp/privileges/ xdmp-invoke|privilege to perform invoke functions|xdmp:invoke| |xdmp-invoke-in|http://marklogic.com/xdmp/privileges/ xdmp-invoke-in|privilege to perform invoke-in functions|xdmp:invoke-in| |xdmp-invoke-modules-cha nge|http://marklogic.com/xdmp/privileges/ xdmp-invoke-modules-change|privilege to execute invoke statements that change a modules database|xdmp:invoke statements that change the modules database| |xdmp-invoke-modules-cha nge-file|http://marklogic.com/xdmp/privileges/ xdmp-invoke-modules-change-file|privilege to execute invoke statements that change a filesystem root|xdmp:invoke statements that change the filesystem root| |xdmp-invoke-transaction|http://marklogic.com/xdmp/privileges/ xdmp-invoke-transaction|privilege to execute invoke statements that have the option|xdmp:invoke| |xdmp-license-accepted|http://marklogic.com/xdmp/privileges/ xdmp-license-accepted|privilege to perform admin functions|admin built-ins| |xdmp-license-fee|http://marklogic.com/xdmp/privileges/ xdmp-license-fee|privilege to perform admin functions|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-license-key|http://marklogic.com/xdmp/privileges/ xdmp-license-key|privilege to perform admin functions|admin built-ins| |xdmp-license-key-agreem ent|http://marklogic.com/xdmp/privileges/ xdmp-license-key-agreement|privilege to perform admin functions|admin built-ins| |xdmp-license-key-cores|http://marklogic.com/xdmp/privileges/ xdmp-license-key-cores|privilege to perform admin functions|admin built-ins| |xdmp-license-key-cpus|http://marklogic.com/xdmp/privileges/ xdmp-license-key-cpus|privilege to perform admin functions|admin built-ins| |xdmp-license-key-decode|http://marklogic.com/xdmp/privileges/ xdmp-license-key-decode|privilege to perform admin functions|admin built-ins| |xdmp-license-key-encode|http://marklogic.com/xdmp/privileges/ xdmp-license-key-encode|privilege to perform admin functions|admin built-ins| |xdmp-license-key-expires|http://marklogic.com/xdmp/privileges/ xdmp-license-key-expires|privilege to perform admin functions|admin built-ins| |xdmp-license-key-options|http://marklogic.com/xdmp/privileges/ xdmp-license-key-options|privilege to perform admin functions|admin built-ins| |xdmp-license-key-size|http://marklogic.com/xdmp/privileges/ xdmp-license-key-size|privilege to perform admin functions|admin built-ins| |xdmp-license-key-valid|http://marklogic.com/xdmp/privileges/ xdmp-license-key-valid|privilege to perform admin functions|admin built-ins|

Page 505

|xdmp-licensee|http://marklogic.com/xdmp/privileges/ xdmp-licensee|privilege to perform admin functions|admin built-ins| |xdmp-list-cache-partitions|http://marklogic.com/xdmp/privileges/ xdmp-list-cache-partitions|privilege to perform admin functions|admin built-ins| |xdmp-list-cache-size|http://marklogic.com/xdmp/privileges/ xdmp-list-cache-size|privilege to perform admin functions|admin built-ins| |xdmp-load|http://marklogic.com/xdmp/privileges/ xdmp-load|privilege needed to load a document from the file system|xdmp:load| |xdmp-login|http://marklogic.com/xdmp/privileges/ xdmp-login|privilege to log in a user without the corresponding password|xdmp-login| |xdmp-merge|http://marklogic.com/xdmp/privileges/ xdmp-merge|privilege to start merging the forests|xdmp-merge| |xdmp-merging|http://marklogic.com/xdmp/privileges/ xdmp-merging|privilege to get forest ids of forests currently merging|xdmp:merging| |xdmp-missing-directories|http://marklogic.com/xdmp/privileges/ xdmp-missing-directories|privilege to perform admin functions|admin built-ins| |xdmp-plan|http://marklogic.com/xdmp/privileges/ xdmp-plan|privilege to perform admin functions|admin built-ins| |xdmp-pre-release-expires|http://marklogic.com/xdmp/privileges/ xdmp-pre-release-expires|privilege to perform admin functions|admin built-ins| |xdmp-privilege-roles|http://marklogic.com/xdmp/privileges/ xdmp-privilege-roles|privilege needed to get a role’s privileges|xdmp:privilege-roles|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-read-cluster-config-fi le|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-assignments|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ assignments.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-assignments-schema|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ assignments.xsd|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-ca-bundle|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ ca-bundle.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-calendars|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ calendars.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-clusters|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ clusters.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-clusters-schema|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ clusters.xsd|privilege to perform admin functions|admin built-ins|

Page 506

|xdmp-read-cluster-config-fi le-countries|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ countries.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-database-schema|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ database.xsd|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-databases|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ databases.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-dtfmt-langauges|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ dtfmt-languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-group-schema|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/group.xsd|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-groups|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ groups.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-host-schema|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/hosts.xsd|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-hosts|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/hosts.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-keystore|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ keystore.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-keystore-schema|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ keystore.xsd|privilege to perform admin functions|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-read-cluster-config-fi le-languages|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-mimetypes|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ mimetypes.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-mimetypes-schema|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ mimetypes.xsd|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-security|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ security.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-server|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/server.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-tokenizer|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ tokenizer.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-cluster-config-fi le-user-languages|http://marklogic.com/xdmp/privileges/ xdmp-read-cluster-config-file/ user-languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-file|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file|privilege to perform admin functions|admin built-ins|

Page 507

|xdmp-read-host-config-fileassignments|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ assignments.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-fileca-bundle|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ ca-bundle.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filecalendars|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ calendars.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-fileclusters|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/clusters.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filecountries|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ countries.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filedatabases|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ databases.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filedtfmt-langauges|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ dtfmt-languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filegroups|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/groups.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filehosts|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/hosts.xml|privilege to perform admin functions|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-read-host-config-filekeystore|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/keystore.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filelanguages|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filemimetypes|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ mimetypes.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filesecurity|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/security.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-fileserver|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/server.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-filetokenizer|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ tokenizer.xml|privilege to perform admin functions|admin built-ins| |xdmp-read-host-config-fileuser-languages|http://marklogic.com/xdmp/privileges/ xdmp-read-host-config-file/ user-languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-remove-orphaned-bi nary|http://marklogic.com/xdmp/privileges/ xdmp-remove-orphaned-binary|privilege to run the built-in|xdmp:remove-orphaned-bina ry| |xdmp-restart|http://marklogic.com/xdmp/privileges/ xdmp-restart|privilege to perform admin functions|admin built-ins|

Page 508

|xdmp-role-roles|http://marklogic.com/xdmp/privileges/ xdmp-role-roles|privilege to get a role’s roles|xdmp:role-roles| |xdmp-rotate-log-files|http://marklogic.com/xdmp/privileges/ xdmp-rotate-log-files|privilege to perform admin functions|admin built-ins| |xdmp-save|http://marklogic.com/xdmp/privileges/ xdmp-save|privilege needed to save a document to the file system|xdmp:save| |xdmp-server-backup|http://marklogic.com/xdmp/privileges/ xdmp-server-backup|privilege to perform admin functions|admin built-ins| |xdmp-server-import-qualiti es|http://marklogic.com/xdmp/privileges/ xdmp-server-import-qualities|privilege to perform admin functions|admin built-ins| |xdmp-server-restore|http://marklogic.com/xdmp/privileges/ xdmp-server-restore|privilege to perform admin functions|admin built-ins| |xdmp-set-current-transacti on|http://marklogic.com/xdmp/privileges/ set-current-transaction|privilege to perform the multi-statement transaction function|xdmp:set-current-transaction| |xdmp-set-hot-updates|http://marklogic.com/xdmp/privileges/ xdmp-set-hot-updates|privilege to perform admin functions|admin built-ins| |xdmp-set-request-time-limi t|http://marklogic.com/xdmp/privileges/ xdmp-set-request-time-limit|privilege to set time limits for a request|xdmp:set-request-time-limit| |xdmp-set-server-field|http://marklogic.com/xdmp/privileges/ xdmp-set-server-field|privilege to set a server fields|xdmp:set-server-field|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-set-server-field-privil ege|http://marklogic.com/xdmp/privileges/ xdmp-set-server-field-privilege|privilege to set a specific privilege on a server field|xdmp:set-server-field-privileg e| |xdmp-set-session-field|http://marklogic.com/xdmp/privileges/ xdmp-set-session-field|privilege to run the built-in|xdmp:set-session-field| |xdmp-shutdown|http://marklogic.com/xdmp/privileges/ xdmp-shutdown|privilege to perform admin functions|admin built-ins| |xdmp-sleep|http://marklogic.com/xdmp/privileges/ xdmp-sleep|privilege to perform admin functions|admin built-ins| |xdmp-smtp-relay|http://marklogic.com/xdmp/privileges/ xdmp-smtp-relay|privilege to perform admin functions|admin built-ins| |xdmp-spawn|http://marklogic.com/xdmp/privileges/ xdmp-spawn|privilege to perform spawn functions|xdmp:spawn| |xdmp-spawn-in|http://marklogic.com/xdmp/privileges/ xdmp-spawn-in|privilege to perform spawn-in functions|xdmp:spawn-in| |xdmp-spawn-modules-cha nge|http://marklogic.com/xdmp/privileges/ xdmp-spawn-modules-change|privilege to execute spawn statements that change a modules database|xdmp:spawn statements that change the modules database|

Page 509

|xdmp-spawn-modules-cha nge-file|http://marklogic.com/xdmp/privileges/ xdmp-spawn-modules-change-file|privilege to execute spawn statements that change a filesystem root|xdmp:spawn statements that change the filesystem root| |xdmp-spawn-transaction|http://marklogic.com/xdmp/privileges/ xdmp-spawn-transaction|privilege to execute spawn statements that have the option|xsmp:spawn| |xdmp-sql|http://marklogic.com/xdmp/privileges/ xdmp-sql|privilege to perform SQL queries|xdmp:sql| |xdmp-timestamp|http://marklogic.com/xdmp/privileges/ xdmp-timestamp|privilege to perform point-in-time queries|xdmp:eval, xdmp:invoke (timestamp option)| |xdmp-transaction-create|http://marklogic.com/xdmp/privileges/ xdmp-transaction-create|privilege to run the built-in|xdmp:transaction-create| |xdmp-transaction-create-xi d|http://marklogic.com/xdmp/privileges/ xdmp-transaction-create-xid|privilege to run the built-in|xdmp:transaction-create-xid| |xdmp-triple-cache-partition s|http://marklogic.com/xdmp/privileges/ xdmp-triple-cache-partitions|privilege to run the built-in|admin built-ins| |xdmp-triple-cache-size|http://marklogic.com/xdmp/privileges/ xdmp-triple-cache-size|privilege to run the built-in|admin built-ins| |xdmp-triple-value-cache-p artitions|http://marklogic.com/xdmp/privileges/ xdmp-triple-value-cache-partitions|privilege to run the built-in|admin built-ins| |xdmp-triple-value-cache-si ze|http://marklogic.com/xdmp/privileges/ xdmp-triple-value-cache-size|privilege to run the built-in|admin built-ins| |xdmp-user-last-login|http://marklogic.com/xdmp/privileges/ xdmp-user-last-login|privilege to get run the built-in|xdmp:user-last-login| |xdmp-user-roles|http://marklogic.com/xdmp/privileges/ xdmp-user-roles|privilege to get a user’s roles|xdmp:user-roles|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-username|http://marklogic.com/xdmp/privileges/ xdmp-username|privilege to perform admin functions|admin built-ins| |xdmp-value|http://marklogic.com/xdmp/privileges/ xdmp-value|privilege to use the “evaluate an expression” function|xdmp:value| |xdmp-with-namespace|http://marklogic.com/xdmp/privileges/ xdmp-with-namespace|privilege to use the “evaluate an expression preserving the namespace” function|xdmp:with-namespace| |xdmp-write-cluster-config-fi le|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-assignments|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ assignments.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-ca-bundle|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ ca-bundle.xml|privilege to perform admin functions|admin built-ins|

Page 510

|xdmp-write-cluster-config-fi le-calendars|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ calendars.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-clusters|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ clusters.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-countries|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ countries.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-databases|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ databases.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-dtfmt-langauges|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ dtfmt-languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-groups|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ groups.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-hosts|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/hosts.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-keystore|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ keystore.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-languages|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-mimetypes|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ mimetypes.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-security|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ security.xml|privilege to perform admin functions|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-write-cluster-config-fi le-server|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/server.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-tokenizer|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ tokenizer.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-cluster-config-fi le-user-languages|http://marklogic.com/xdmp/privileges/ xdmp-write-cluster-config-file/ user-languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-assignments|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ assignments.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-ca-bundle|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ ca-bundle.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-calendars|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ calendars.xml|privilege to perform admin functions|admin built-ins|

Page 511

|xdmp-write-host-config-file

-clusters|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/clusters.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-countries|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ countries.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-databases|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ databases.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-dtfmt-langauges|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ dtfmt-languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-groups|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/groups.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-hosts|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/hosts.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-keystore|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/keystore.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-languages|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-mimetypes|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ mimetypes.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-security|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/security.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-server|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/server.xml|privilege to perform admin functions|admin built-ins|
|Name|Action URI|Description|Protects Function| |---|---|---|---| | | | | | |xdmp-write-host-config-file

-tokenizer|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ tokenizer.xml|privilege to perform admin functions|admin built-ins| |xdmp-write-host-config-file

-user-languages|http://marklogic.com/xdmp/privileges/ xdmp-write-host-config-file/ user-languages.xml|privilege to perform admin functions|admin built-ins| |xdmp-xslt-eval|http://marklogic.com/xdmp/privileges/ xslt-eval|privilege to use xdmp:xslt-eval|xdmp:xslt-eval| |xdmp-xslt-eval-in|http://marklogic.com/xdmp/privileges/ xslt-eval-in|privilege to use xdmp:xslt-eval-in|xdmp:xslt-eval-in| |xdmp-xslt-eval-modules-ch ange|http://marklogic.com/xdmp/privileges/ xslt-eval-modules-change|privilege to change the modules database for xdmp:xslt-eval|xdmp:xslt-eval| |xdmp-xslt-eval-modules-ch ange-file|http://marklogic.com/xdmp/privileges/ xslt-eval-modules-change-file|privilege to change the filesystem root for xdmp:xslt-eval| option|xdmp:xslt-eval|

Page 512

|xdmp-xslt-invoke|http://marklogic.com/xdmp/privileges/ xslt-invoke|privilege to use xdmp:xslt-invoke|xdmp:xslt-invoke| |xdmp-xslt-invoke-in|http://marklogic.com/xdmp/privileges/ xslt-invoke-in|privilege to use xdmp:xslt-invoke-in|xdmp:xslt-invoke-in| |xdmp-xslt-invoke-moduleschange|http://marklogic.com/xdmp/privileges/ xslt-invoke-modules-change|privilege to use xdmp:xslt-invoke and change the modules database|xdmp:xslt-invoke| |xdmp-xslt-invoke-moduleschange-file|http://marklogic.com/xdmp/privileges/ xslt-invoke-modules-change-file|privilege to use xdmp:xslt-invoke and change the App Server root|xdmp:xslt-invoke| |xdmp-xslt-invoke-transacti on|http://marklogic.com/xdmp/privileges/ xslt-invoke-transaction|privilege to execute xdmp:xslt-invoke statements that have the option|xdmp:xslt-invoke|
##### 35.0 Appendix C: Pre-defined Roles
The following roles are pre-defined in every installation of MarkLogic Server. To give a user execute privileges listed for each pre-defined role, you may add the execute privileges individually to an existing role for the user, or add the pre-defined role to the user’s set of roles.
The following are the pre-built roles in MarkLogic Server:
• admin
• admin-builtins
• admin-configuration-delete
• admin-configuration-read
• admin-configuration-write

Page 513

• admin-default
• admin-default-internal
• admin-module-internal
• admin-module-read-internal
• admin-module-read-invoke
• admin-transform
• admin-ui-user
• alert-admin
• alert-execution
• alert-internal
• alert-user
• app-builder

Page 514

• app-builder-internal
• app-user
• application-plugin-registrar
• appservices-internal
• cpf-restart
• custom-dictionary-admin
• custom-dictionary-user
• custom-language-admin-read
• custom-language-admin-write
• dls-admin
• dls-internal

Page 515

• dls-user
• domain-management
• filesystem-access
• flexrep-admin
• flexrep-internal
• flexrep-user
• hadoop-internal
• hadoop-user-all
• hadoop-user-read
• hadoop-user-write
• infostudio-admin-internal

Page 516

• infostudio-internal
• infostudio-user
• manage
• manage-admin
• manage-admin-internal
• manage-internal
• manage-user
• merge
• network-access
• pipeline-execution
• pipeline-management
• pki

Page 517

• plugin-internal
• qconsole-internal
• qconsole-user
• rest-admin
• rest-admin-internal
• rest-extension-user
• rest-internal
• rest-reader
• rest-writer-internal
• rest-writer
• rest-reader-internal

Page 518

• search-internal
• security
• tde-admin
• tde-view
• temporal-admin
• temporal-internal
• trigger-management
• view-admin
• view-admin-internal
• welcome-internal
• xa

Page 519

• xa-admin
• xinclude
######### 35.1 admin
The admin role is given all privileges and permissions to perform any action in the system. There are no default permissions associated with the admin role. Users with the admin role are considered authorized administrators; they are trusted personnel and are assumed to be non-hostile, appropriately trained, and follow proper administrative procedures.
######### 35.2 admin-builtins
The admin-builtins role has the execute privileges to call the admin built-in functions. The execute privileges given to the admin-builtins role are:
|Name|Action URI| |---|---| | | | |cancel-any-request|http://marklogic.com/xdmp/privileges/cancel-any-request| |cancel-my-request|http://marklogic.com/xdmp/privileges/cancel-my-request| |count-builtins|http://marklogic.com/xdmp/privileges/counts| |xdmp:address-bindable|http://marklogic.com/xdmp/privileges/xdmp-address-bindable|
|Name|Action URI|

Page 520

|---|---| | | | |xdmp:amp-roles|http://marklogic.com/xdmp/privileges/xdmp-amp-roles| |xdmp:castable-as|http://marklogic.com/xdmp/privileges/xdmp-castable-as| |xdmp:compressed-tree-cache-size|http://marklogic.com/xdmp/privileges/xdmp-compressed-tree-cache-size| |xdmp:compressed-tree-cache-partitions|http://marklogic.com/xdmp/privileges/xdmp-compressed-tree-cache-partitions| |xdmp:default-in-memory-limit|http://marklogic.com/xdmp/privileges/xdmp-default-in-memory-limit| |xdmp:default-in-memory-list-size|http://marklogic.com/xdmp/privileges/xdmp-default-in-memory-list-size| |xdmp:default-in-memory-range-index-size|http://marklogic.com/xdmp/privileges/xdmp-default-in-memory-range-index-size| |xdmp:in-memory-tree-size|http://marklogic.com/xdmp/privileges/xdmp-in-memory-tree-size| |xdmp:delete-cluster-config-file|http://marklogic.com/xdmp/privileges/xdmp-delete-cluster-config-file| |xdmp:delete-host-config-file|http://marklogic.com/xdmp/privileges/xdmp-delete-host-config-file| |xdmp:directory|http://marklogic.com/xdmp/privileges/xdmp-directory| |xdmp:disable-event|http://marklogic.com/xdmp/privileges/xdmp-disable-event| |xdmp:email|http://marklogic.com/xdmp/privileges/xdmp-email| |xdmp:email-address|http://marklogic.com/xdmp/privileges/xdmp-email-address| |xdmp:enable-event|http://marklogic.com/xdmp/privileges/xdmp-enable-event| |xdmp:expanded-tree-cache-size|http://marklogic.com/xdmp/privileges/xdmp-expanded-tree-cache-size| |xdmp:expanded-tree-cache-partitions|http://marklogic.com/xdmp/privileges/xdmp-expanded-tree-cache-partitions| |xdmp:forest-backup|http://marklogic.com/xdmp/privileges/xdmp-forest-backup| |xdmp:forest-clear|http://marklogic.com/xdmp/privileges/xdmp-forest-clear| |xdmp:forest-delete|http://marklogic.com/xdmp/privileges/xdmp-forest-delete| |xdmp:forest-restore|http://marklogic.com/xdmp/privileges/xdmp-forest-restore|

Page 521

|xdmp:forest-status|http://marklogic.com/xdmp/privileges/xdmp-forest-status| |xdmp:forest-keys|http://marklogic.com/xdmp/privileges/xdmp-forest-keys| |xdmp:get-hot-updates|http://marklogic.com/xdmp/privileges/xdmp-get-hot-updates| |xdmp:host-name|http://marklogic.com/xdmp/privileges/xdmp-hostname| |xdmp:license-accepted|http://marklogic.com/xdmp/privileges/xdmp-license-accepted| |xdmp:list-cache-size|http://marklogic.com/xdmp/privileges/xdmp-list-cache-size| |xdmp:list-cache-partitions|http://marklogic.com/xdmp/privileges/xdmp-list-cache-partitions| |xdmp:pre-release-expires|http://marklogic.com/xdmp/privileges/xdmp-pre-release-expires| |xdmp:read-cluster-config-file|http://marklogic.com/xdmp/privileges/xdmp-read-cluster-config-file| |xdmp:read-host-config-file|http://marklogic.com/xdmp/privileges/xdmp-read-host-config-file| |xdmp:restart|http://marklogic.com/xdmp/privileges/xdmp-restart| |xdmp:server-backup|http://marklogic.com/xdmp/privileges/xdmp-server-backup| |xdmp:server-import-qualities|http://marklogic.com/xdmp/privileges/xdmp-server-import-qualities| |xdmp:server-restore|http://marklogic.com/xdmp/privileges/xdmp-server-restore| |xdmp:set-hot-updates|http://marklogic.com/xdmp/privileges/xdmp-set-hot-updates| |xdmp:shutdown|http://marklogic.com/xdmp/privileges/xdmp-shutdown| |xdmp:smtp-relay|http://marklogic.com/xdmp/privileges/xdmp-smtp-relay|
|Name|Action URI| |---|---| | | | |xdmp:user-last-login|http://marklogic.com/xdmp/privileges/xdmp-user-last-login|

Page 522

|xdmp:username|http://marklogic.com/xdmp/privileges/xdmp-username| |xdmp:write-cluster-config-file|http://marklogic.com/xdmp/privileges/xdmp-write-cluster-config-file| |xdmp:write-host-config-file|http://marklogic.com/xdmp/privileges/xdmp-write-host-config-file|
There are no default permissions associated with the admin-builtins role.
######### 35.3 admin-configuration-delete
The admin-configuration-delete role enables administrator users to delete configuration information.
######### 35.4 admin-configuration-read
The admin-configuration-read role enables administrator users to read configuration information.
######### 35.5 admin-configuration-write
The admin-configuration-write role enables administrator users to write configuration information.
######### 35.6 admin-default
The admin-default role enables administrator users to evaluate administration default expressions.

Page 523

######### 35.7 admin-default-internal
The admin-default-internal role enables administrator users to invoke administration default expressions.
######### 35.8 admin-module-internal
The admin-module-read-internal role is used internally by the Admin Library Module. Do not assign this role to any user. For details, see Scripting Administrative Tasks in MarkLogic Server in the Scripting Administrative Tasks Guide.
######### 35.9 admin-module-read-internal
The admin-module-read-internal role is used internally by the Admin Library Module for reading. Do not assign this role to any user. For details, see Scripting Administrative Tasks in MarkLogic Server in the Scripting Administrative Tasks Guide.
35.10 admin-module-read-invoke
The admin-module-read-internal role is used internally by the Admin Library Module for invoking functions with granular privileges. Do not assign this role to any user. For details, see Scripting Administrative Tasks in MarkLogic Server in the Scripting Administrative Tasks Guide.
35.11 admin-transform
The admin-transform role enables administrator users to evaluate transformations within the Admin API.
35.12 admin-ui-user
The admin-ui-user role enables users to have a read-only view of the Admin UI, without providing access to data, to security configuration, or write access to server configuration.

Page 524

35.13 alert-admin
The alert-admin role is used for administrators of an alerting application. For details, see the Creating Alerting Applications chapter of the Search Developer’s Guide.
35.14 alert-execution
The alert-execution role is used internally by the Alerting API to amp privileges in a protected way. Do not give this role to any individual users. For details, see the Creating Alerting Applications chapter of the Search Developer’s Guide.
35.15 alert-internal
The alert-internal role is used internally by the Alerting API to amp privileges in a protected way. You should not give this role to any individual users. For details, see the Creating Alerting Applications chapter of the Search Developer’s Guide.
35.16 alert-user The alert-user role is used by users of an alerting application. For details, see the Creating Alerting Applications chapter of the Search Developer’s Guide.
35.17 app-builder
The app-builder role provides the privileges needed to run Application Builder. Application Builder is no longer a part of MarkLogic. This role exists only for backward compatibility.
35.18 app-builder-internal
Application Builder is no longer a part of MarkLogic. This role exists only for backward compatibility.

Page 525

######### 35.19 app-user
The app-user role is a minimally privileged role that is needed to run any application that Application Builder generates. Application Builder is no longer a part of MarkLogic. This role exists only for backward compatibility.
######### 35.20 application-plugin-registrar
The application-plugin-registrar role is used in the plugin API, and has the following execute privileges:
|Name|Action URI| |---|---| | | | |plugin-server-fields|http://marklogic.com/xdmp/privileges/plugin-server-fields| |plugin-register|http://marklogic.com/xdmp/privileges/plugin-register| |xdmp:filesystem-directory|http://marklogic.com/xdmp/privileges/xdmp-filesystem-directory| |xdmp:get-server-field|http://marklogic.com/xdmp/privileges/xdmp-get-server-field| |xdmp:get-server-field-names|http://marklogic.com/xdmp/privileges/xdmp-get-server-field-names| |xdmp:invoke-modules-change-file|http://marklogic.com/xdmp/privileges/xdmp-invoke-modules-change-file| |xdmp:set-server-field|http://marklogic.com/xdmp/privileges/xdmp-set-server-field| |xdmp:set-server-field-privilege|http://marklogic.com/xdmp/privileges/xdmp-set-server-field-privilege|
######### 35.21 appservices-internal

Page 526

The appservices-internal role is used by Application Services to amp certain functions that Application Services performs. You should not explicitly grant the appservices-internal role to any user; it is only for internal use by Application Services.
######### 35.22 cpf-restart
The cpf-restart role is used by CPF to control access to the CPF restart trigger. The CPF restart user should have the cpf-restart role, as well as all of the permissions and privileges that normal users have on the documents.
######### 35.23 custom-dictionary-admin
The custom-dictionary-admin role is to perform adminstative functions (for writing dictionaries in the configuration) in the custom dictionary API.
######### 35.24 custom-dictionary-user
The custom-dictionary-user role is to perform user functions (for reading dictionaries in the configuration) in the custom dictionary API.
######### 35.25 custom-language-admin-read
The custom-language-admin-read role enables a user to read custom language configuration. That is, to use functions such as clang:language-config-read.
######### 35.26 custom-language-admin-write
The custom-language-admin-write role enables a user to modify custom language configuration. That is, to use functions such as clang:language-config-write and clang-language-config-delete. These operations change the cluster configuration file and cause a cluster-wide restart when used.

Page 527

######### 35.27 dls-admin
The dls-admin role is designed to give administrators of Library Services applications all of the privileges that are needed to use the Library Services API. It has the needed privileges to perform operations such as inserting retention policies and breaking checkouts, so only trusted users (users who are assumed to be non-hostile, appropriately trained, and follow proper administrative procedures) should be granted the dls-admin role. Assign the dls-admin role to administrators of your Library Services application.
For details, see the Library Services Applications chapter in the Application Developer’s Guide.
######### 35.28 dls-internal
The dls-internal role is a role that is used internally by the Library Services API, but you should not explicitly grant it to any user or role. This role is used to amp special privileges within the context of certain functions of the Library Services API. Assigning this role to users would give them privileges on the system that you typically do not want them to have; do not assign this role to any users.
For details, see the Library Services Applications chapter in the Application Developer’s Guide.
######### 35.29 dls-user
The dls-user role is a minimally privileged role. It is used in the Library Services API to allow regular users of the Library Services application (as opposed to dls-admin users) to be able to execute code in the Library Services API. It allows users, with document update permission, to manage, checkout, and checkin managed documents.
The dls-user role only has privileges that are needed to run the Library Services API; it does not provide execute privileges to any functions outside the scope of the Library Services API. The Library Services API uses the dls-user role as a mechanism to amp more privileged operations in a controlled way. It is therefore reasonably safe to assign this role to any user whom you trust to use your Library Services application. Assign the dls-user role to all users of your Library Services application.
For details, see the Library Services Applications chapter in the Application Developer’s Guide.
35.30 domain-management
The domain-management role has the privileges to create and modify content processing domains. The domain-management role has no execute privileges associated with it, but it has the following default permissions:

Page 528

35.31 filesystem-access
The filesystem-access role has the privileges to access the file system. The execute privileges given to the filesystem-access role are:
There are no default permissions associated with the filesystem-access role.
35.32 flexrep-admin The flexrep-admin role is required to configure replication.

35.33 flexrep-internal
The flexrep-internal role is used by Flexible Replication to amp certain functions that Flexible Replication performs. You should not explicitly grant the flexrep-internal role to any user; it is only for internal use by Flexible Replication.
35.34 flexrep-user
|Role|Capability| |---|---| | | | |domain-management|Read| |domain-management|Update|
|Name|Action URI|

Page 529

|---|---| | | | |xdmp:document-get|http://marklogic.com/xdmp/privileges/xdmp-document-get| |xdmp:document-load|http://marklogic.com/xdmp/privileges/xdmp-document-load| |xdmp:get|http://marklogic.com/xdmp/privileges/xdmp-get| |xdmp:load|http://marklogic.com/xdmp/privileges/xdmp-load| |xdmp:save|http://marklogic.com/xdmp/privileges/xdmp-save|
The flexrep-user role user is required to access the Replica App Server when configured for push replication and the Master App Server when configured for pull replication. The replication user must be given the flexrep-user role and have the privileges necessary to update the domain content.
35.35 hadoop-internal
The hadoop-internal role is for internal use only. Do not assign this role to any users. This role is used to amp special privileges within the context of certain functions of the Hadoop MapReduce Connector. Assigning this role to users would give them privileges on the system that you typically do not want them to have.
35.36 hadoop-user-all The hadoop-user-all role combines the privileges of hadoop-user-read and hadoop-user-write.

35.37 hadoop-user-read
The hadoop-user-read role allows use of MarkLogic Server as an input source for a MapReduce job. This role does not grant any other privileges, so the mapreduce.marklogic.input.user may still require additional privileges to read content from the target database. The hadoop-user-read role has the following execute privileges:
35.38 hadoop-user-write

Page 530

|Name|Action URI| |---|---| | | | |hadoop-user-read|http://marklogic.com/xdmp/privileges/hadoop-user-read| | | | |xdbc:eval|http://marklogic.com/xdmp/privileges/xdbc-eval| |xdbc:eval-in|http://marklogic.com/xdmp/privileges/xdbc-eval-in| |xdmp:value|http://marklogic.com/xdmp/privileges/xdmp-value| |xdmp:with-namespaces|http://marklogic.com/xdmp/privileges/xdmp-with-namespace|
The hadoop-user-write role allows use of MarkLogic Server as an output destination for a MapReduce job. This role does not grant any other privileges, so the mapreduce.marklogic.output.user may still require additional privileges to insert or update content in the target database. The hadoop-user-write role has the following execute privileges:
|Name|Action URI| |---|---| | | | |any-uri|http://marklogic.com/xdmp/privileges/any-uri| | | | |hadoop-user-write|http://marklogic.com/xdmp/privileges/hadoop-user-write| | | | |unprotected-collections|http://marklogic.com/xdmp/privileges/unprotected-collections| | | | |xdbc:eval|http://marklogic.com/xdmp/privileges/xdbc-eval|

Page 531

|xdbc:insert-in|http://marklogic.com/xdmp/privileges/xdbc-insert-in| |xdmp:with-namespaces|http://marklogic.com/xdmp/privileges/xdmp-with-namespace|
######### 35.39 infostudio-admin-internal
Information Studio is no longer a part of MarkLogic. This role exists only for backward compatibility.
The infostudio-admin-user role provides the privileges needed to handle CPF restart and resume unfinished Information Studio tasks in the event of an unexpected shutdown and restart of MarkLogic Server. When MarkLogic Server is restarted, long-running collectors resume loading documents in the database. In this situation, the original user that started the collector is unknown, so the purpose of the infostudio-admin user is to resume control of the collector.
######### 35.40 infostudio-internal
Information Studio is no longer a part of MarkLogic. This role exists only for backward compatibility.
The infostudio-user role is used by Information Studio to amp certain functions that Information Studio performs. You should not explicitly grant the infostudio-internal role to any user; it is only for internal use by Information Studio.
######### 35.41 infostudio-user
Information Studio is no longer a part of MarkLogic. This role exists only for backward compatibility.
The infostudio-user role is a minimally privileged role that is needed to use Information Studio. You must grant this role to all users who are allowed to access Information Studio.
The infostudio-user role has the following execute privileges:

Page 532

• infostudio (http://marklogic.com/xdmp/privileges/infostudio)

• unprotected-collections
######### 35.42 manage
The manage role has the execute privilege http://marklogic.com/xdmp/privileges/manage to run the Management API. For example, non-admin users can use manage role plus create-data-role or create-data-user granular privileges to manage roles and create data users.
|Name|Action URI| |---|---| | | | |manage|http://marklogic.com/xdmp/privileges/manage|
There are no default permissions associated with the manage role.
######### 35.43 manage-admin
The manage-admin role has the privileges related to accessing the management API and the tiered storage API for operations that change the configuration. The execute privileges given to the manage-admin role are:
|Name|Action URI| |---|---| | | | |manage|http://marklogic.com/xdmp/privileges/manage| |manage-admin|http://marklogic.com/xdmp/privileges/manage-admin| |ts:database-create-sub-database|http://marklogic.com/xdmp/privileges/database-create-sub-database| |ts:database-create-super-database|http://marklogic.com/xdmp/privileges/database-create-super-database| |ts:database-delete-sub-database|http://marklogic.com/xdmp/privileges/database-delete-sub-database| |ts:database-delete-sub-database|http://marklogic.com/xdmp/privileges/database-delete-super-database| |ts:database-partitions|http://marklogic.com/xdmp/privileges/database-partitions| |ts:forest-combine|http://marklogic.com/xdmp/privileges/forest-combine| |ts:forest-migrate|http://marklogic.com/xdmp/privileges/forest-migrate| |ts:partition-create|http://marklogic.com/xdmp/privileges/partition-create| |ts:partition-delete|http://marklogic.com/xdmp/privileges/partition-delete| |ts:partition-forests|http://marklogic.com/xdmp/privileges/partition-forests| |ts:partition-migrate|http://marklogic.com/xdmp/privileges/partition-migrate| |ts:partition-resize|http://marklogic.com/xdmp/privileges/partition-resize| |ts:partition-set-availability|http://marklogic.com/xdmp/privileges/partition-set-availability| |ts:partition-set-updates-allowed|http://marklogic.com/xdmp/privileges/partition-set-updates-allowed| |ts:partition-transfer|http://marklogic.com/xdmp/privileges/partition-transfer|
There are no default permissions associated with the manage-admin role.
######### 35.44 manage-admin-internal
The manage-admin-internal role is used to amp certain functions used by the Configuration Manager and the Management API. You should not explicitly grant the manage-admin-internal role to any user; it is only for internal use.
######### 35.45 manage-internal
The manage-internal role is used to amp certain functions used by the Configuration Manager. You should not explicitly grant the manage-internal role to any user; it is only for internal use.
######### 35.46 manage-user
The manage-user role has the privileges related to accessing the Configuration Manager. The execute privileges given to the manage-user role are:
|Name|Action URI| |---|---| | | | |manage|http://marklogic.com/xdmp/privileges/manage|
There are no default permissions associated with the manage-user role.
######### 35.47 merge
The merge role has the privileges related to forest merging. The execute privileges given to the merge role are:
|Name|Action URI| |---|---| | | | |xdmp:merge|http://marklogic.com/xdmp/privileges/xdmp-merge| |xdmp:merging|http://marklogic.com/xdmp/privileges/xdmp-merging|
There are no default permissions associated with the merge role.
######### 35.48 network-access
The network-access role has the privileges to run the xdmp:http-* functions (xdmp:http-get, xdmp:http-post, and so on). The execute privileges given to the network-access role are:
|Name|Action URI| |---|---| | | | |xdmp:http-get|http://marklogic.com/xdmp/privileges/xdmp-http-get| |xdmp:http-head|http://marklogic.com/xdmp/privileges/xdmp-http-head| |xdmp:http-options|http://marklogic.com/xdmp/privileges/xdmp-http-options| |xdmp:http-delete|http://marklogic.com/xdmp/privileges/xdmp-http-delete| |xdmp:http-post|http://marklogic.com/xdmp/privileges/xdmp-http-post| |xdmp:http-put|http://marklogic.com/xdmp/privileges/xdmp-http-put|
######### 35.49 pipeline-execution
The pipeline-execution role is used in the XQuery code to allow any user (who can write a document to the domain) to execute code in the pipeline.
For details, see the Content Processing Framework Guide guide.
35.50 pipeline-management
The pipeline-management role has the privileges to create and modify content processing pipelines. The pipeline-management role has no execute privileges associated with it, but it has the following default permissions:
35.51 pki The pki role has the privileges to use the PKI Library functions. For details, see Configuring SSL on App Servers in the Security Guide.
35.52 plugin-internal
The plugin-user role is used to amp certain functions associated with plugins. You should not explicitly grant the plugin-internal role to any user; it is only for internal use by the plugin API.
35.53 qconsole-internal
The qconsole-internal role is used by Query Console to amp certain functions that Query Console performs. You should not explicitly grant the qconsole-internal role to any user; it is only for internal use by Query Console.
35.54 qconsole-user
The qconsole-user role is a minimally privileged role that is needed to use Query Console. You must grant this role to all users who are allowed to use Query Console.
The qconsole-user role has the following execute privileges:
• qconsole (http://marklogic.com/xdmp/privileges/qconsole)
35.55 rest-admin
The rest-admin role has the rest-writer and manage-user roles and allows those granted the role full access to read and write via the REST API.
35.56 rest-admin-internal
|Role|Capability| |---|---| | | | |pipeline-management|Read| |pipeline-management|Update|
The rest-admin-internal role is used internally by the REST Library. You should not explicitly grant it to any user or role.
35.57 rest-extension-user The rest-extension-user role enables access to resource service extension methods. .

35.58 rest-internal
The rest-internal role is used internally by the REST Library. You should not explicitly grant it to any user or role.
35.59 rest-reader
The rest-reader role enables read operations through the MarkLogic REST API, such as retrieving documents and metadata.
35.60 rest-writer-internal
The rest-reader-internal role is used internally by the REST Library. You should not explicitly grant it to any user or role.
35.61 rest-writer
The rest-writer role enables write operations through the MarkLogic REST API, such as creating documents, metadata, or configuration information.
35.62 rest-reader-internal
The rest-writer-internal role is used internally by the REST Library. You should not explicitly grant it to any user or role.
35.63 search-internal
The search-internal role is a role that is used internally by the search API. You should not explicitly grant it to any user or role.
35.64 security
The security role has the privileges needed to perform security functions. The execute privileges given to the security role are:
|Name|Action URI| |---|---| | | | |amp-add-roles|http://marklogic.com/xdmp/privileges/amp-add-roles| |amp-get-roles|http://marklogic.com/xdmp/privileges/amp-get-roles| |amp-remove-roles|http://marklogic.com/xdmp/privileges/amp-remove-roles| |amp-set-roles|http://marklogic.com/xdmp/privileges/amp-set-roles| |any-collection|http://marklogic.com/xdmp/privileges/any-collection| |any-uri|http://marklogic.com/xdmp/privileges/any-uri| |collection-add-permissions|http://marklogic.com/xdmp/privileges/collection-add-permissions|
|Name|Action URI| |---|---| | | | |collection-get-permissions|http://marklogic.com/xdmp/privileges/collection-get-permissions| |collection-remove-permissions|http://marklogic.com/xdmp/privileges/collection-remove-permissions| |collection-set-permissions|http://marklogic.com/xdmp/privileges/collection-set-permissions| |create-amp|http://marklogic.com/xdmp/privileges/create-amp| |create-privilege|http://marklogic.com/xdmp/privileges/create-privilege| |create-role|http://marklogic.com/xdmp/privileges/create-role| |create-user|http://marklogic.com/xdmp/privileges/create-user| |get-amp|http://marklogic.com/xdmp/privileges/get-amp| |get-privilege|http://marklogic.com/xdmp/privileges/get-privilege| |get-role-ids|http://marklogic.com/xdmp/privileges/get-role-ids| |grant-all-roles|http://marklogic.com/xdmp/privileges/grant-all-roles| |grant-my-roles|http://marklogic.com/xdmp/privileges/grant-my-roles| |permission|http://marklogic.com/xdmp/privileges/permission| |privilege-add-roles|http://marklogic.com/xdmp/privileges/privilege-add-roles| |privilege-get-roles|http://marklogic.com/xdmp/privileges/privilege-get-roles| |privilege-remove-roles|http://marklogic.com/xdmp/privileges/privilege-remove-roles| |privilege-set-name|http://marklogic.com/xdmp/privileges/privilege-set-name| |privilege-set-roles|http://marklogic.com/xdmp/privileges/privilege-set-roles| |protect-collection|http://marklogic.com/xdmp/privileges/protect-collection| |remove-amp|http://marklogic.com/xdmp/privileges/remove-amp| |remove-privilege|http://marklogic.com/xdmp/privileges/remove-privilege| |remove-role|http://marklogic.com/xdmp/privileges/remove-role| |remove-role-from-amps|http://marklogic.com/xdmp/privileges/remove-role-from-amps| |remove-role-from-privileges|http://marklogic.com/xdmp/privileges/remove-role-from-privileges| |remove-role-from-roles|http://marklogic.com/xdmp/privileges/remove-role-from-roles| |remove-role-from-users|http://marklogic.com/xdmp/privileges/remove-role-from-users| |remove-user|http://marklogic.com/xdmp/privileges/remove-user| |role-add-roles|http://marklogic.com/xdmp/privileges/role-add-roles| |role-get-default-collections|http://marklogic.com/xdmp/privileges/role-get-default-collections| |role-get-default-permissions|http://marklogic.com/xdmp/privileges/role-get-default-permissions| |role-get-roles|http://marklogic.com/xdmp/privileges/role-get-roles| |role-privileges|http://marklogic.com/xdmp/privileges/role-privileges| |role-remove-roles|http://marklogic.com/xdmp/privileges/role-remove-roles| |role-set-default-collections|http://marklogic.com/xdmp/privileges/role-set-default-collections| |role-set-default-permissions|http://marklogic.com/xdmp/privileges/role-set-default-permissions| |role-set-description|http://marklogic.com/xdmp/privileges/role-set-description| |role-set-name|http://marklogic.com/xdmp/privileges/role-set-name| |role-set-roles|http://marklogic.com/xdmp/privileges/role-set-roles| |unprotect-collection|http://marklogic.com/xdmp/privileges/unprotect-collection|
|Name|Action URI| |---|---| | | | |user-add-roles|http://marklogic.com/xdmp/privileges/user-add-roles| |user-get-default-collections|http://marklogic.com/xdmp/privileges/user-gt-default-collections| |user-get-default-permissions|http://marklogic.com/xdmp/privileges/user-get-default-permissions| |user-get-description|http://marklogic.com/xdmp/privileges/user-get-description| |user-get-roles|http://marklogic.com/xdmp/privileges/user-get-roles| |user-privileges|http://marklogic.com/xdmp/privileges/user-privileges| |user-remove-roles|http://marklogic.com/xdmp/privileges/user-remove-roles| |user-set-default-collections|http://marklogic.com/xdmp/privileges/user-set-default-collections| |user-set-default-permissions|http://marklogic.com/xdmp/privileges/user-set-default-permissions| |user-set-description|http://marklogic.com/xdmp/privileges/user-set-description| |user-set-name|http://marklogic.com/xdmp/privileges/user-set-name| |user-set-password|http://marklogic.com/xdmp/privileges/user-set-password| |user-set-roles|http://marklogic.com/xdmp/privileges/user-set-roles| |xdmp:amp-roles|http://marklogic.com/xdmp/privileges/xdmp:amp-roles| |xdmp:privilege-roles|http://marklogic.com/xdmp/privileges/xdmp:privilege-roles| |xdmp:role-roles|http://marklogic.com/xdmp/privileges/xdmp:role-roles| |xdmp:user-roles|http://marklogic.com/xdmp/privileges/xdmp:user-roles|
Default permissions for the security role are:
|Role|Capability| |---|---| | | | |security|Read| |security|Insert| |security|Update|
35.65 tde-admin The tde-admin role has the privileges to administer extraction templates.

35.66 tde-view The tde-view role has the privileges to view extraction templates.

35.67 temporal-admin The temporal-admin role has the privileges to create and modify temporal data.

35.68 temporal-internal The temporal-internal role is an internal role. Do not assign this role to any user.
35.69 trigger-management
The trigger-management role has the privileges to create and modify triggers. The trigger-management role has no execute privileges associated with it. This role has the following default permissions:
35.70 view-admin The view-admin role enables a user to view MarkLogic Server administration.

35.71 view-admin-internal
The view-admin-internal role is used internally by the MarkLogic Server. Do not explicitly grant it to any user or role.
35.72 welcome-internal
The welcome-internal role is a role that used to be used internally by the MarkLogic Server Welcome Page (now removed). Do not explicitly grant it to any user or role.
35.73 xa
The xa user role allows creation and management of one’s own XA transaction branches in MarkLogic Server. The xa role is required to participate in XA transactions. For details, see Participating in XA Transactions in the XCC Developer’s Guide. The xa role has the following execute privileges:
35.74 xa-admin The xa-admin role allows creation and manage of any user’s XA transaction branches in
|Role|Capability| |---|---| | | | |trigger-management|Read| |trigger-management|Update|
|Name|Action URI| |---|---| | | | |complete-my-transaction|http://marklogic.com/xdmp/privileges/complete-my-transactions| |forget-my-xa-transactions|http://marklogic.com/xdmp/privileges/forget-my-xa-transactions| |prepare-my-xa-transactions|http://marklogic.com/xdmp/privileges/prepare-my-xa-transactions| |status-builtins|http://marklogic.com/xdmp/privileges/status-builtins| |xdmp:set-current-transaction|http://marklogic.com/xdmp/privileges/set-current-transaction| |xdmp:transaction-create|http://marklogic.com/xdmp/privileges/xdmp-transaction-create| |xdmp:transaction-create-xid|http://marklogic.com/xdmp/privileges/xdmp-transaction-create-xid|
MarkLogic Server. The xa-admin role is intended primarily for Administrators who need to complete or forget XA transactions. The xa-admin role has the following execute privileges:
|Name|Action URI| |---|---| | | | |complete-any-transactions|http://marklogic.com/xdmp/privileges/complete-any-transactions| | | | |complete-my-transaction|http://marklogic.com/xdmp/privileges/complete-my-transactions| |forget-any-xa-transactions|http://marklogic.com/xdmp/privileges/forget-any-xa-transactions| |forget-my-xa-transactions|http://marklogic.com/xdmp/privileges/forget-my-xa-transactions| |prepare-any-xa-transactions|http://marklogic.com/xdmp/privileges/prepare-any-xa-transactions| |prepare-my-xa-transactions|http://marklogic.com/xdmp/privileges/prepare-my-xa-transactions| |status-builtins|http://marklogic.com/xdmp/privileges/status-builtins| |xdmp:set-current-transaction|http://marklogic.com/xdmp/privileges/set-current-transaction| |xdmp:transaction-create|http://marklogic.com/xdmp/privileges/xdmp-transaction-create| |xdmp:transaction-create-xid|http://marklogic.com/xdmp/privileges/xdmp-transaction-create-xid|
######### 35.75 xinclude
The xinclude role provides the privileges to run the XInclude code used in the XInclude CPF application. For details, see Reusing Content With Modular Document Applications in the Application Developer’s Guide.
##### 36.0 Technical Support
MarkLogic provides technical support according to the terms detailed in your Software License Agreement or End User License Agreement.
We invite you to visit our support website at http://help.marklogic.com to access information on known and fixed issues, knowledge base articles, and more. For licensed customers with an active maintenance contract, see the Support Handbook for instructions on registering support contacts and on working with the MarkLogic Technical Support team.
Complete product documentation, the latest product release downloads, and other useful information is available for all developers at http://developer.marklogic.com. For technical questions, we encourage you to ask your question on Stack Overflow.
##### 37.0 Copyright
MarkLogic Server 10.0 and supporting products. Last updated: February, 2022
Copyright © 2022 MarkLogic Corporation. All rights reserved. This technology is protected by U.S. Patent No. 7,127,469B2, U.S. Patent No. 7,171,404B2, U.S. Patent No. 7,756,858 B2, and U.S. Patent No 7,962,474 B2, US 8,892,599, and US 8,935,267.
The MarkLogic software is protected by United States and international copyright laws, and incorporates certain third party libraries and components which are subject to the attributions, terms, conditions and disclaimers set forth below.
For all copyright notices, including third-party copyright notices, see the Combined Product Notices for your version of MarkLogic.

Admin Login Details For 10 10 10 254

Ask AI

Common Questions

Full Manual

More from Admin

Similar Unknown

Admin Login Details For 10 10 10 254

Ask AI

Common Questions

Full Manual

MarkLogic Server

Administrator’s Guide

of fragments in a stand total # of fragments in all other smaller stands in the forest

Super-cluster

This is a bold title.

More from Admin

Similar Unknown