MarkLogic 10 Product Documentationsec:create-privilege
sec:create-privilege( $privilege-name as xs:string, $action as xs:string, $kind as xs:string, $role-names as xs:string* ) as xs:unsignedLong
Summary
Creates a new privilege and returns the new privilege-id.
For execute privileges,
the privilege is initially nothing more than a name. Use the
xdmp:security-assert()
function in your code to associate the privilege with a protected operation.
For URI privileges, the $action parameter identifies the
base URI to be protected. Users must have this privilege to access any of the
documents or code under the specified URI.
If $action is not unique, an error is returned.
If $kind is not one of ("execute", "uri") then en error is
returned.
If one of the $role-names names a role that does not exist, an error
is returned.
If the current user is limited to granting only his/her roles,
and $role-names is not a subset of the current user's roles, then an
error is returned.
Required Privileges
http://marklogic.com/xdmp/privileges/create-privilege and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles orhttp://marklogic.com/xdmp/privileges/grant-my-roles
Usage Notes
This function must be executed against the security database.
Example
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at
"/MarkLogic/security.xqy";
sec:create-privilege("mypriv",
"http://marklogic.com/xdmp/privileges/mypriv",
"execute",
"Developer")
(: Creates an execute privilege, named "mypriv," and assigns it to the
"Developer" role. :)
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.