Protected Collections
A collection groups a set of documents that are related and enables queries to target subsets of documents within a database efficiently. A document may belong to any number of collections simultaneously. A collection exists in the system when a document in the system states that it is part of that collection.
A protected collection is one for which only authorized users can associate documents with the collection. When you create a protected collection, an associated protection collection object is created and stored in the security database.
You must understand the following key concepts and limitations of protected collections:
A protected collection dictates who can add documents to the collection. It provides no other access control.
A protected collection does not control access to the documents in the collection. Use document permissions for this purpose.
Only users with a role that has update permissions for the collection can add documents to the collection or use explicit collection operations such as
xdmp.documentRemoveCollectionsto remove a document from a protected collection.A user with update permissions on a document can remove the document from a protected collection by reinserting the document with a different set of collections.
Use these procedures in this section to create, manage, and maintain collections.