Combination Security Example
More roles does not mean the total number of roles. It means that one set of roles is a superset of the other. The smaller set of roles is considered stronger. Consider the following examples:
Note that in example 1, element level protection is more restrictive than the document level protection. With compartment security, it’s more complicated. The security level that has the most compartments wins, because more compartments means that access is more restrictive.
When element security is weaker than the document security, MarkLogic Server will index the content based on the document level security. MarkLogic Server lets the document level security protect it.
If the element is considered stronger, then content won’t be visible without the correct query rolesets. If the element is weaker, then MarkLogic Server will return the element as part of a query (with the correct document level permissions).