Loading TOC...

sec.ampSetRoles

sec.ampSetRoles(
   $namespace as String,
   $local-name as String,
   $document-uri as String,
   $database as (Number|String),
   $role-names as String[]
) as null

Summary

Assigns the amp identified by $namespace, $local-name and $document-uri to have the roles identified by $roles-names. Removes previously assigned roles.

If an amp with the given identifiers does not exist, an error is returned.

If a role name in $role-names does not correspond to an existing role, an error is returned.

If $role-names is the empty sequence, all roles assigned to the amp are removed.

If the current user is limited to granting only his/her roles, and $role-names is not a subset of the current user's roles, then an error is returned.

Parameters
$namespace Namespace of the function to which the amp applies.
$local-name Name of function to which the amp applies.
$document-uri URI of the document in which the function is located.
$database Database ID in which the module is located. If the module is on the filesystem (in the Modules directory), specify xs:unsignedLong(0).
$role-names Roles that should be temporarily assumed while the amp is in effect.

Required Privileges

http://marklogic.com/xdmp/privileges/amp-set-roles
and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example


// execute this against the security database

declareUpdate();  
const sec = require('/MarkLogic/security.xqy');
   
sec.ampSetRoles(
    "http://marklogic.com/my_modules/myspace",
    "my-amp",
    "/MarkLogic/MyModule.xqy",
    0,
    ["Developer", "Temporary"])
 
// Sets the "Developer" and "Temporary" rolea as the roles granted to the "my-amp" amp. 
   Any other roles previously in the list are removed. 
   

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.