Hi Steve,
I wrote the following functions a while back to do just that:
(: There is unfortunately no nice way to retrieve a list of all user
id's.. :)
declare function lib:user-names() as xs:string* {
lib:user-names(xdmp:security-database())
};
declare function lib:user-names($security-database as xs:unsignedLong) as
xs:string* {
xdmp:eval(
'
xquery version "1.0-ml";
import module namespace sec =
"http://marklogic.com/xdmp/security"; at "/MarkLogic/security.xqy";
collection(sec:users-collection())//sec:user-name/string(.)
',
(),
<options xmlns="xdmp:eval">
<isolation>different-transaction</isolation>
<database>{$security-database}</database>
</options>
)
};
There are a number of improvements possible though, or even necessary:
I hadn't bothered yet to do security-asserts, but you should do so. The
security modules uses statements like this:
let $assert :=
xdmp:security-assert(
"http://marklogic.com/xdmp/privileges/create-user";,
"execute")
I'd recommend creating a new privilege for this, and assigning that to the
user that runs the code.
Next, you should not give that same user the eval privilege, but amp the
above functions to allow them to use it.
You also might reconsider the isolation property of xdmp:eval. I had a
particular case where I wanted to call lots of security and admin stuff
consecutively, but that might not be necessary for you.
Kind regards,
Geert
> -----Oorspronkelijk bericht-----
> Van: general-boun...@developer.marklogic.com [mailto:general-
> boun...@developer.marklogic.com] Namens Michael Blakeley
> Verzonden: vrijdag 6 april 2012 21:49
> Aan: MarkLogic Developer Discussion
> Onderwerp: Re: [MarkLogic Dev General] Retrieving a list of users
>
> Also take a look at Modules/MarkLogic/security.xqy to see how the
engineers
> think those document should be queried. For example, there appears to be
a
> security-collection to which all the security documents belong, a users-
> collection for users, etc.
>
> -- Mike
>
> On 6 Apr 2012, at 12:37 , Steve Carton wrote:
>
> > Thanks - this is just what I was after...
> >
> > On 4/6/2012 2:49 PM, Harry B. wrote:
> >> I should have added this snippet for Query Console...run it with the
Security
> database as the content source:
> >>
> >> fn:collection()/sec:user
> >>
> >> That XML that is returned are all the user records.
> >>
> >>
> >>
> >> On Fri, Apr 6, 2012 at 12:46 PM, Harry B. <dna...@gmail.com> wrote:
> >> When I've done this, I use queries against the Security database to
get the
> info. You can use Query Console to get a handle on how data is
structured in the
> Security DB and I found great success with just using Xpath queries.
> >>
> >> One thing I found difficult to do was distinguish app/real users from
system
> accounts, etc. The way I dealt with this was to add xml to the
sec:password-
> extra element that contained user details, what applications they are
users for,
> etc. The only downside, if it is one, is that you have to invoke these
queries
> against the Security DB...
> >>
> >> I can give you some code examples, etc. if you have specific
questions.
> >>
> >> Harry
> >>
> >> On Fri, Apr 6, 2012 at 12:26 PM, Steve Carton <st...@chesbay.net>
wrote:
> >> Hi -
> >>
> >> I need to develop a web-based GUI that will allow an admin user to
> >> easily manage users of a web application. The desire is to have this
> >> limited admin GUI available and integrated into a larger XQuery-based
> >> web interface. I see functions to create, delete and modify Marklogic
> >> users, but I don't see a way to get a list of them. Is there such a
> >> function? Or, is there a way to query the security database to get
such
> >> a list?
> >>
> >> Thanks,
> >>
> >> Steve Carton
> >> _______________________________________________
> >> General mailing list
> >> General@developer.marklogic.com
> >> http://developer.marklogic.com/mailman/listinfo/general
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> General mailing list
> >>
> >> General@developer.marklogic.com
> >> http://developer.marklogic.com/mailman/listinfo/general
> > _______________________________________________
> > General mailing list
> > General@developer.marklogic.com
> > http://developer.marklogic.com/mailman/listinfo/general
>
> _______________________________________________
> General mailing list
> General@developer.marklogic.com
> http://developer.marklogic.com/mailman/listinfo/general
_______________________________________________
General mailing list
General@developer.marklogic.com
http://developer.marklogic.com/mailman/listinfo/general
