Loading TOC...

sec.roleRemoveRoles

sec.roleRemoveRoles(
   $role-name as String,
   $role-names as String[]
) as null

Summary

Removes the roles ($role-names) from the set of roles included by the role ($role-name).

If a role with name equal to $role-name is not found, an error is returned.

If one of $role-names does not correspond to an existing role, an error is returned.

If the current user is limited to granting only his/her roles, and $old-role is not a subset of the current user's roles, then an error is returned.

Parameters
$role-name The name of a role.
$role-names The name of the roles to remove from the role.

Required Privileges

http://marklogic.com/xdmp/privileges/role-remove-roles
and for role removal:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example


// execute this against the security database

declareUpdate(); 
const sec = require('/MarkLogic/security.xqy');
   
sec.roleRemoveRoles("Contractor", ("Developer", "alert-internal"))

// Removes the "Developer" and "alert-internal" roles from the "Contractor" role.  

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.