MarkLogic 10 Product Documentationsec.roleSetRoles
sec.roleSetRoles( role-name as String, role-names as String[] ) as null
Summary
Assigns roles (named $role-names) to be the set of included roles for the
role ($role-name). Removes previously assigned roles.
If a role with name equal to $role-name is not found, an error is
returned.
If a role name in $role-names does not correspond to an existing role,
an error is returned.
If $role-names is the empty sequence, all included roles for the role are
removed.
If the current user is limited to granting only his/her roles,
and $role-names is not a subset of the current user's roles, then an error
is returned.
| Parameters | |
|---|---|
| role-name | The name of a role. |
| role-names | A sequence containing the names of roles to assign to $role-name. |
Required Privileges
http://marklogic.com/xdmp/privileges/role-set-roles and for role assignment ($role-names not empty sequence):
http://marklogic.com/xdmp/privileges/grant-all-roles orhttp://marklogic.com/xdmp/privileges/grant-my-roles
Usage Notes
This function must be executed against the security database.
Example
// execute this against the security database
declareUpdate();
const sec = require('/MarkLogic/security.xqy');
sec.roleSetRoles("Contractor", [Developer", "alert-internal"])
// Assigns the "Developer" and "alert-internal" roles to the "Contractor"
role and removes any other roles previously assigned to "Contractor."