Default Permissions
When a document is created, it is initialized with a set of permissions. If permissions are not explicitly set (by using xdmp:document-load() or xdmp:document-insert(), for example), then the permissions are set to the default permissions. The default permissions are determined based on the roles assigned (both explicitly and inherited from roles assigned to other roles) to the user who creates the document and on any default permissions assigned directly to the user.
If users are creating documents in a database, it is important to configure default permissions for the roles assigned to that user. Without default permissions, it is easy to create documents that no users (except those with the admin role) can read, update, or delete.