Loading TOC...

MarkLogic Server 11.0 Product Documentation
es.piiGenerate

es.piiGenerate(
   model as Object
) as Node

Summary

This function is deprecated and will be removed in a future release.
Generate an Element Level Security configuration artifact for controlling access to entity properties designated as PII in the model.

Parameters
model A valid basic model.

Usage Notes

The security configuration artifact generated by this function can be used with the Configuration Management API (v3 or later) to define Element Level Security (ELS) protected paths for each entity property designated as PII in the model. The configuration grants read access only to users with the "pii-reader" role. This role is pre-defined by MarkLogic. You must deploy the resulting configuration before your PII access controls can take effect.

See Also

Example

const es = require('/MarkLogic/entity-services/entity-services');

es.piiGenerate( es.modelValidate(
  { info: {
    title: 'People',
    description: 'People Example',
    version: '4.0.0'
  },
  definitions: {
    Person: {
      properties: {
        id: { datatype: 'int' },
        name: { datatype: 'string' },
        bio: { datatype: 'string' },
        rating: { datatype: 'float' }
      },
      required: ['name'],
      primaryKey: 'id',
      pii: ['name', 'bio']
  }}}
));

// Returns the following ELS configuration artifact:
//
// {"name":"People-4.0.0", 
//   "desc":"A policy that secures name,bio of type Person", 
//   "config":{
//     "protected-path":[
//       {"path-expression":"/envelope//instance//Person/name", 
//        "path-namespace":[], 
//        "permission":{"role-name":"pii-reader", "capability":"read"}}, 
//       {"path-expression":"/envelope//instance//Person/bio", 
//        "path-namespace":[], 
//        "permission":{"role-name":"pii-reader", "capability":"read"}}
//     ], 
//     "query-roleset":{"role-name":["pii-reader"]}
//   }
// }
  

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.