This resource address creates a new role in the security database.
URL Parameters | |
---|---|
format | The format of the posted data. Can be either
html , json , or xml (default). This value overrides
the Accept header if both are present. |
Upon success, or if the role already exists, MarkLogic Server returns status code 201 (Created). If the payload is malformed, a status code of 400 (Bad Request) is returned. A status code of 401 (Unauthorized) is returned if the user does not have the necessary privileges.
manage-admin
and security
rolehttp://marklogic.com/xdmp/privileges/manage
http://marklogic.com/xdmp/privileges/manage-admin
http://marklogic.com/xdmp/privileges/create-role
http://marklogic.com/xdmp/privileges/privilege-add-roles
manage
role, http://marklogic.com/xdmp/privileges/manage
plus the following granular privileges:
http://marklogic.com/xdmp/privileges/create-data-role
http://marklogic.com/xdmp/privileges/role/inherit/role-ID
http://marklogic.com/xdmp/privileges/grant-my-privileges
The structure of the data in the request body is shown here. The role-name
property is required. The compartment
property cannot be changed after
creation. The queries
property was added since 10.0-7.
Note: The properties described here are for XML payloads. In general they are the same for
JSON, with the exception that, in JSON, roles
, permissions
,
privileges
, collections
, and queries
are
expressed in singular form. For example, in JSON, roles
is instead
role
and the format is: "role":["rolename"]
. Please pay
special attention that the singular form of queries
is
capability-query
.
role-name
description
compartment
external-names
This is a complex structure with the following children:
external-name
roles
This is a complex structure with the following children:
role
permissions
This is a complex structure with the following children:
permission
This is a complex structure with the following children:
role-name
capability
privileges
This is a complex structure with the following children:
privilege
This is a complex structure with the following children:
privilege-name
action
kind
collections
This is a complex structure with the following children:
collection
queries
This is a complex structure with the following children:
capability-query
This is a complex structure with the following children:
capability
query
This is a complex structure with the following children:
cts:query
curl -X POST -i --digest -u admin:admin -H "Content-Type:application/json" \ -d '{"role-name":"engineer"}' http://localhost:8002/manage/v2/roles ==> Creates a role, named "engineer," in the Security database.
// JSON payload example for creating a role with queries. $ cat payload.json { "role-name":"region-EMEA", "description":"Can see region EMEA documents.", "compartment":"compartment-region", "capability-query":[{ "capability":"read", "query": { "elementQuery": { "element": ["metadata"], "query": { "elementWordQuery": { "element": ["region"], "text": ["EMEA"], "options": ["lang=en"] } } } } }] } curl -X POST -i --digest -u admin:admin -H "Content-Type:application/json" \ -d @payload.json http://localhost:8002/manage/v2/roles ==> Creates a role, named "region-EMEA", with compartment "compartment-region", with role queries for "read", in the Security Database.
(: XML payload for creating a role with queries :) $ cat payload.xml <role-properties xmlns="http://marklogic.com/manage/role/properties"> <compartment>compartment-region</compartment> <role-name>region-EMEA</role-name> <description>Can see region EMEA documents.</description> <queries> <capability-query> <capability>read</capability> <query> <cts:element-query xmlns:cts="http://marklogic.com/cts"> <cts:element>metadata</cts:element> <cts:element-word-query> <cts:element>region</cts:element> <cts:text xml:lang="en">EMEA</cts:text> </cts:element-word-query> </cts:element-query> </query> </capability-query> </queries> </role-properties> curl -X POST -i --digest -u admin:admin -H "Content-Type:application/xml" \ -d @payload.xml http://localhost:8002/manage/v2/roles ==> Creates a role, named "region-EMEA", with compartment "compartment-region", with role queries for "read", in the Security Database.
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.