
Securing MarkLogic Server

Create Roles

Carly sets up the roles can-update, can-read, group-all, group-engineering, and group-finance by running the following code against the Security database; a second statement in the same listing then creates the user Mike, who is assigned the can-read role and a query-based read permission:

xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

(: Role setup for the compartment example.
   can-read and can-update are plain (uncompartmented) roles; the three
   group-* roles are all created in the compartment "compartment-group".
   group-engineering and group-finance additionally pass a map of cts queries
   as the optional eighth argument, keyed by capability ("read",
   "node-update"); presumably each query scopes that capability to the
   matching nodes -- confirm against the sec:create-role documentation. :)

(: Engineering: "node-update" is the negation of the <price> element query,
   i.e. everything except <price> content; "read" matches <feature> elements. :)
let $engineering-queries := map:map()
  => map:with("node-update",
       cts:not-query(cts:element-query(xs:QName("price"), cts:true-query())))
  => map:with("read",
       cts:element-query(xs:QName("feature"), cts:true-query()))

(: Finance: both "node-update" and "read" match <price> elements. :)
let $finance-queries := map:map()
  => map:with("node-update",
       cts:element-query(xs:QName("price"), cts:true-query()))
  => map:with("read",
       cts:element-query(xs:QName("price"), cts:true-query()))

return (
  (: No inherited roles, no permissions, no collections (the three empty sequences). :)
  sec:create-role("can-read", "General read", (), (), ()),
  sec:create-role("can-update", "General update", (), (), ()),

  (: Compartment role with no query-based permissions. :)
  sec:create-role("group-all", "All groups.", (), (), (), "compartment-group"),

  sec:create-role("group-engineering", "Engineering.", (), (), (),
    "compartment-group", (), $engineering-queries),

  sec:create-role("group-finance", "Finance.", (), (), (),
    "compartment-group", (), $finance-queries)
);
xquery version "1.0-ml";

import module namespace sec="http://marklogic.com/xdmp/security"
   at "/MarkLogic/security.xqy";

(: Creates user Mike with the can-read role and one query-based permission.
   The "read" query matches <metadata> elements that contain a <group>
   element with the word "group-all". :)
let $read-query :=
  cts:element-query(xs:QName("metadata"),
    cts:element-word-query(xs:QName("group"), "group-all"))

(: Arguments: user name, description, password, role names, permissions,
   collections, external names, query-based permissions.
   The third argument "Mike" is the example's literal password (identical to
   the user name); substitute a real credential rather than keeping one in
   a script that is checked in or shared. :)
return sec:create-user("Mike", "Contractor", "Mike",
  ("can-read"), (), (), (),
  map:map() => map:with("read", $read-query))