Namespaces as Part of a Protected Path
Both namespaces and prefixes can be used as part of a protected path. For instance, this simple example uses the namespace “ex” as part of the protected path:
(: add protected paths -> run against the Security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
at "/MarkLogic/security.xqy";
declare namespace ex = "http://marklogic.com/example";
let $role := "role-4"
return
sec:protect-path(
"/ex:envelope/ex:instance/employee/salary",
(let $prefix := "ex",$namespace-uri :=
"marklogic.com/example"
return
sec:security-path-namespace($prefix, $namespace-uri)),
(xdmp:permission($role, "read"))
)
For simple cases, you can also specify a namespace as part of a protected path when configuring protected paths in the Admin Interface.
You can also specify a namespace when using the helper functions xdmp:database-node-query-rolesets() and xdmp:node-query-rolesets(). See page Helper Functions for Query Rolesets for more info.