Node Update Capabilities
Node update capabilities allow you to update document content by node. At the document level xdmp:document-delete() and xdmp:document-insert() can still be used if you have update capabilities, but node-update provides a finer control when combined with element level security. The node-update capability exists at the document level and at the element level. At the document level, if you have the node-update capability you can call xdmp:node-replace() and xdmp:node-delete() to modify nodes in a document, but not xdmp:document-delete() or xdmp:document-insert(). All of the node update built-ins take element level permissions into consideration.
Note that node-update, just like insert, can be seen as a subset of update, meaning that if a role has the update capability, it automatically gets the node-update capability as well.
If you have the update capability at the document level, you can call xdmp:document-insert(), xdmp:document-delete(), and all node-update functions. When you have the update capability at the document level, the element level security for update will not be checked, it is effectively “turned off”. If you have the node-update capability, you can only call all node-update functions for that node.