XQuery sec:amp-remove-roles

MarkLogic 10 Product Documentation
sec.ampRemoveRoles

sec.ampRemoveRoles(
   namespace as String,
   local-name as String,
   document-uri as String,
   database as (Number|String),
   role-names as String[]
) as null

Summary

Removes a role ($role-name) from the set of roles included by the amp ($namespace, $local-name, $document-uri).

Parameters
namespace Namespace of the function to which the amp applies.
local-name Name of function to which the amp applies.
document-uri URI of the document in which the function is located.
database Database ID in which the module is located. If the module is on the filesystem (in the Modules directory), specify xs:unsignedLong(0).
role-names Roles that should be temporarily assumed while the amp is in effect.

Required Privileges

http://marklogic.com/xdmp/privileges/amp-remove-roles
and for role removal:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

If one of $role-names does not correspond to an existing role, an error is returned.

If an amp idnetified by ($namespace, $local-name, $document-uri) is not found then an error is returned.

If the current user is limited to granting only his/her roles, and $role-name is not a subset of the current user's roles, then an error is returned.

This function must be executed against the security database.

Example


// execute this against the security database

declareUpdate();   
const sec = require('/MarkLogic/security.xqy');
  
sec.ampRemoveRoles(
    "http://marklogic.com/my_modules/myspace",
    "my-amp",
    "/MarkLogic/MyModule.xqy",
    0,
    "Developer")

// Removes the "Developer" role from the list of roles granted to the "my-amp" amp.
Powered by MarkLogic Server | Terms of Use | Privacy Policy