
POST /manage/v2/roles

Summary

This resource address creates a new role in the security database.

URL Parameters
format The format of the posted data. Can be either html, json, or xml (default). This value overrides the Accept header if both are present.
Request Headers
Accept The expected MIME type of the request body. If the format parameter is present, it takes precedence over the Accept header.
Content-type The MIME type of the data in the request body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or text/html.
Response Headers
Content-type The MIME type of the data in the response body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or text/html.
Location If the request causes a restart, a Location header is included in the response. The header contains a path with which to construct a URL that can be used to test when the restart has completed.

Response

Upon success, or if the role already exists, MarkLogic Server returns status code 201 (Created). If the payload is malformed, a status code of 400 (Bad Request) is returned. A status code of 401 (Unauthorized) is returned if the user does not have the necessary privileges.

Required Privileges

This operation requires one of the following:

Usage Notes

The structure of the data in the request body is shown here. The role-name property is required. The compartment property cannot be changed after creation. The queries property was added in 10.0-7.

Note: The properties described here are for XML payloads. In general they are the same for JSON, with the exception that, in JSON, roles, permissions, privileges, collections, and queries are expressed in singular form. For example, in JSON, roles is instead role and the format is: "role":["rolename"]. Note in particular that the singular form of queries is capability-query.

role-name

The Role name (unique)

description

An object's description.

compartment

The compartment that this role is part of.

external-names

The external names specifications.

This is a complex structure with the following children:

external-name

The name used to match external group name.

roles

The roles assigned. The roles assigned to the user.

This is a complex structure with the following children:

role

A role identifier (unique key).

permissions

The default set of permissions used in document creation.

This is a complex structure with the following children:

permission

Permission representation.

This is a complex structure with the following children:

role-name

The Role name (unique)

capability

The action/task permitted by a permission

privileges

A list of privileges.

This is a complex structure with the following children:

privilege

A privilege.

This is a complex structure with the following children:

privilege-name

Privilege name (unique)

action

A URI to protect.

kind

A protected "action" (or object).

collections

The default set of collections used in document creation.

This is a complex structure with the following children:

collection

The collection uri.

queries

This is a complex structure with the following children:

capability-query

This is a complex structure with the following children:

capability

The action/task permitted by a permission

query

This is a complex structure with the following children:

cts:query
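
A pre-flight check for JSON role payloads, built from the usage note and property list above. This is an added example, not MarkLogic's own code: it flags a missing role-name, the XML (plural) property names used in a JSON payload, and child keys the property list does not document, so that a mistyped key is caught before the request is sent. The function name, the rule that list properties are always arrays, and the sample payload are assumptions made for this example.

```python
import json

# XML wrapper name -> JSON key, as listed in the page's note on JSON payloads.
XML_TO_JSON = {"roles": "role", "permissions": "permission",
               "privileges": "privilege", "collections": "collection",
               "queries": "capability-query"}

# Child properties the page documents for the object-valued entries.
CHILDREN = {"permission": {"role-name", "capability"},
            "privilege": {"privilege-name", "action", "kind"},
            "capability-query": {"capability", "query"}}


def lint_role_payload(payload):
    """Return a list of problems in a JSON role payload; empty means clean."""
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]
    problems = []
    name = payload.get("role-name")
    if not isinstance(name, str) or not name.strip():
        problems.append("role-name is required")
    for xml_key, json_key in XML_TO_JSON.items():
        if xml_key in payload:
            problems.append(f"'{xml_key}' is the XML form; JSON uses '{json_key}'")
        if json_key not in payload:
            continue
        items = payload[json_key]
        if not isinstance(items, list):  # assumption: always an array, as in the page's examples
            problems.append(f"'{json_key}' must be an array")
            continue
        allowed = CHILDREN.get(json_key)  # None for the string-valued lists
        for i, item in enumerate(items):
            if allowed is None:
                if not isinstance(item, str):
                    problems.append(f"{json_key}[{i}] must be a string")
            elif not isinstance(item, dict):
                problems.append(f"{json_key}[{i}] must be an object")
            else:
                for key in sorted(set(item) - allowed):
                    problems.append(f"{json_key}[{i}]: undocumented key '{key}'")
    return problems


# Constructed sample: an XML-style plural key and a misspelled child key.
SAMPLE = json.loads('{"role-name": "region-EMEA", "roles": ["engineer"],'
                    ' "capability-query": [{"capabilty": "read", "query": {}}]}')

if __name__ == "__main__":
    for problem in lint_role_payload(SAMPLE):
        print(problem)
```
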

Example


curl -X POST -i --digest -u admin:admin -H "Content-Type:application/json" \
-d '{"role-name":"engineer"}' http://localhost:8002/manage/v2/roles

==>  Creates a role, named "engineer," in the Security database. 
    

Example


// JSON payload example for creating a role with queries.

$ cat payload.json

{
  "role-name":"region-EMEA", 
  "description":"Can see region EMEA documents.", 
  "compartment":"compartment-region", 
  "capability-query":[{
    "capability":"read", 
    "query": {
      "elementQuery": {
        "element": ["metadata"], 
        "query": {
          "elementWordQuery": {
            "element": ["region"], 
            "text": ["EMEA"], 
            "options": ["lang=en"]
          }
        }
      }
    }
  }]
}
  
curl -X POST -i --digest -u admin:admin -H "Content-Type:application/json" \
-d @payload.json http://localhost:8002/manage/v2/roles

==> Creates a role, named "region-EMEA", with compartment "compartment-region",
with role queries for "read", in the Security Database.
    

Example


(: XML payload for creating a role with queries :)

$ cat payload.xml

<role-properties xmlns="http://marklogic.com/manage/role/properties">
  <compartment>compartment-region</compartment>
  <role-name>region-EMEA</role-name>
  <description>Can see region EMEA documents.</description>
  <queries>
    <capability-query>
      <capability>read</capability>
      <query>
        <cts:element-query xmlns:cts="http://marklogic.com/cts">
          <cts:element>metadata</cts:element>
          <cts:element-word-query>
            <cts:element>region</cts:element>
            <cts:text xml:lang="en">EMEA</cts:text>
          </cts:element-word-query>
        </cts:element-query>
      </query>
    </capability-query>
  </queries>
</role-properties>

curl -X POST -i --digest -u admin:admin -H "Content-Type:application/xml" \
-d @payload.xml http://localhost:8002/manage/v2/roles

==> Creates a role, named "region-EMEA", with compartment "compartment-region",
with role queries for "read", in the Security Database.
    
