Administrating MarkLogic Server

URI Privileges

A URI Privilege grants authorization to create documents under a protected URI. That is, a URI privilege specifies the roles that are allowed to create documents with the protected URI as the base URI (prefix) in the document URI. Roles that inherit from the specified roles can also create the documents under the protected URI.

Unlike an execute privilege, where xdmp:security-assert() needs to be called explicitly to protect a function, a URI privilege is automatically enforced. When xdmp:document-insert() is called, the system checks the base URIs (prefix) of the document URI specified to see if they might be protected by a URI privilege. If the base URI has an associated URI privilege, it checks the roles of the user to see if any of the user’s roles gives the user authorization to create the document within the protected base URI. If the user has the requisite authorization, the document is inserted into the database. Otherwise, an exception is thrown.
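The following XQuery module is an added example, not part of the MarkLogic documentation. It shows the automatic check by protecting a base URI and then attempting the same insert as two different users. It assumes it is run by an admin user against a content database, that the role report-writer already exists, that the user alice has that role, and that the user bob has no role that grants the privilege. The privilege name, role name, user names and the /reports/ URI are all hypothetical.

```xquery
xquery version "1.0-ml";
declare namespace error = "http://marklogic.com/xdmp/error";

(: Added example. Hypothetical names: privilege "reports-uri", role
   "report-writer", users "alice" (has the role) and "bob" (does not),
   protected base URI "/reports/". Run as an admin user. :)

declare function local:try-insert($user as xs:string, $uri as xs:string) as xs:string
{
  try {
    (: Run the insert as $user. No xdmp:security-assert() call is needed;
       xdmp:document-insert() performs the URI privilege check itself. :)
    xdmp:eval('xquery version "1.0-ml";
      declare variable $uri as xs:string external;
      xdmp:document-insert($uri, <report/>,
        (xdmp:permission("report-writer", "read"),
         xdmp:permission("report-writer", "update")))',
      (xs:QName("uri"), $uri),
      <options xmlns="xdmp:eval">
        <user-id>{xdmp:user($user)}</user-id>
      </options>),
    fn:concat($user, ": inserted ", $uri)
  } catch ($e) {
    (: Report the exception raised when authorization is missing. :)
    fn:concat($user, ": rejected (", $e/error:code, ")")
  }
};

(: 1. Protect the base URI. Privileges live in the security database,
      so the call is evaluated there. It returns the new privilege ID. :)
xdmp:eval('xquery version "1.0-ml";
  import module namespace sec = "http://marklogic.com/xdmp/security"
      at "/MarkLogic/security.xqy";
  sec:create-privilege("reports-uri", "/reports/", "uri", "report-writer")',
  (),
  <options xmlns="xdmp:eval">
    <database>{xdmp:security-database()}</database>
  </options>),

(: 2. Same document URI, two users. Only a user whose roles carry the
      URI privilege is authorized to create a document under /reports/. :)
local:try-insert("alice", "/reports/2024/q1.xml"),
local:try-insert("bob", "/reports/2024/q1.xml")
```

Running the module a second time fails at step 1 because the privilege name is already taken; remove the privilege first when repeating the test.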

Use the procedures in this section to create, manage and maintain URI privileges.