MarkLogic Server 11.0 Product Documentation
sec.createRole

sec.createRole(
   role-name as String,
   description as String?,
   role-names as String[],
   permissions as element(sec.permission)[],
   collections as String[],
   [compartment as String?],
   [external-names as String[]],
   [queries as Object]
) as (Number|String)

Summary

Creates a new role in the system database for the context database.

If $role-name is not unique, an error is returned.

If one of the $role-names does not identify a role, an error is returned.

If the current user is limited to granting only his/her roles, and $role-names is not a subset of the current user's roles, then an error is returned.

Returns the role-id.

Parameters
role-name The name of the role to be created.
description A description of the role to be created.
role-names A sequence of role names to which the role is assigned.
permissions The default permissions for the role.
collections The default collections for the role.
compartment The compartment to assign to the role.
external-names The external names for the role, or an empty sequence if no external names are used.
queries A map from capabilities (read, update, node-update, and execute) to cts queries of the role.

Required Privileges

http://marklogic.com/xdmp/privileges/create-role or create-data-role
and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles
and, for creating roles with queries:
http://marklogic.com/xdmp/privileges/role-set-queries

Usage Notes

This function must be executed against the security database.

Example


// execute this against the security database.
declareUpdate(); 
const sec = require('/MarkLogic/security.xqy');

sec.createRole(
    "Temporary",
    "Temporary worker access",
    ["filesystem-access"],
    [],
    ["testDocument"]);

// Creates a new role named "Temporary" that is assigned the
// "filesystem-access" role, has no default permissions, and uses
// "testDocument" as its default collection.
  

Example


// execute this against the security database.
declareUpdate(); 
const sec = require('/MarkLogic/security.xqy');
    
sec.createRole(
  "region-NA", 
  "Can see NA documents.",
  [], [], [], "compartment-region", [], 
  {
    "read":cts.elementQuery(xs.QName("metadata"), 
      cts.elementWordQuery(xs.QName("region"), "region-NA"))
  }
);

// Creates a new role named "region-NA" in the compartment
// "compartment-region". "region-NA" has role queries that allow any user with
// this role to read documents that have "region-NA" in the metadata.
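
The error conditions in the Summary and the Required Privileges list can be checked before the call is made. The following is an added example, not MarkLogic code: a stand-alone JavaScript model of those documented rules. The function name `preflightCreateRole`, the shape of `req` and `ctx`, and the use of short privilege names are assumptions made for illustration.

```javascript
// Added example: models the documented checks only; it does not call MarkLogic.
// Privileges are given by short name (last segment of the privilege URI).
function preflightCreateRole(req, ctx) {
  const problems = [];
  const has = (name) => ctx.privileges.includes(name);
  const wanted = req.roleNames || [];

  // Creating any role needs create-role or create-data-role.
  if (!has("create-role") && !has("create-data-role")) {
    problems.push("missing privilege: create-role or create-data-role");
  }
  // $role-name must be unique.
  if (ctx.existingRoles.includes(req.roleName)) {
    problems.push(`role already exists: ${req.roleName}`);
  }
  // Every entry in $role-names must identify a role.
  for (const r of wanted) {
    if (!ctx.existingRoles.includes(r)) problems.push(`no such role: ${r}`);
  }
  // Role assignment needs grant-all-roles or grant-my-roles. A caller limited
  // to grant-my-roles may only assign roles they hold themselves.
  // Assumption: the check applies only when $role-names is non-empty.
  if (wanted.length > 0 && !has("grant-all-roles")) {
    if (!has("grant-my-roles")) {
      problems.push("missing privilege: grant-all-roles or grant-my-roles");
    } else {
      for (const r of wanted) {
        if (!ctx.callerRoles.includes(r)) problems.push(`caller may not grant: ${r}`);
      }
    }
  }
  // Supplying role queries needs role-set-queries.
  if (req.queries && Object.keys(req.queries).length > 0 && !has("role-set-queries")) {
    problems.push("missing privilege: role-set-queries");
  }
  return problems;
}

// Constructed sample caller; not read from a real security database.
const sampleCtx = {
  privileges: ["create-role", "grant-my-roles"],
  callerRoles: ["filesystem-access"],
  existingRoles: ["filesystem-access", "admin", "region-NA"],
};
console.log(preflightCreateRole(
  { roleName: "Temporary", roleNames: ["admin"] }, sampleCtx));
```

An empty result means none of the documented error conditions apply to the request; the server still makes the authoritative decision when sec.createRole runs.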
  