Securing MarkLogic Server

Understanding Element Level Security

Elements of a document can be protected from being viewed as part of a query or XPath expression, or from being updated by a user, unless that user has the appropriate role. You specify that an element is part of a protected path by adding the path to the Security database. You then add the appropriate role to a query roleset, which is also added to the Security database.

Element level security uses query rolesets to determine which elements will appear in query results. If a query roleset does not exist with the associated role that has permissions on the path, the role cannot view the contents of that path.
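The two steps described above, as an added example (not part of the original documentation): it protects a path and then registers a query roleset for the role that may read it. The role name `els-reader` and the path `/employee/salary` are constructed for illustration, and the role is assumed to exist already.

```xquery
xquery version "1.0-ml";
(: Added example. Evaluate against the Security database as a user
   who is allowed to change the security configuration.
   Assumed, constructed names: role "els-reader" (must already exist)
   and protected path "/employee/salary". :)
import module namespace sec = "http://marklogic.com/xdmp/security"
    at "/MarkLogic/security.xqy";

(: Step 1: add the protected path to the Security database.
   Only users holding els-reader get "read" on matching elements;
   the empty sequence means the path uses no namespace bindings. :)
sec:protect-path(
  "/employee/salary",
  (),
  (xdmp:permission("els-reader", "read", "element"))
),

(: Step 2: add a query roleset containing the same role.
   Without it, the role has permission on the path but the
   protected element still does not appear in its query results. :)
sec:add-query-rolesets(
  sec:query-rolesets(
    sec:query-roleset("els-reader")
  )
)
```

After both steps, verify with two test users, one with `els-reader` and one without: a query over the `salary` element should return matches only for the first.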

Note

A user with admin privileges can access documents with protected elements by using fn:doc() to retrieve documents (instead of using a query). To see protected elements as part of query results, however, a user needs the appropriate role(s).