MarkLogic Server 11.0 Product Documentation
sec:amp-add-roles

sec:amp-add-roles(
   $namespace as xs:string,
   $local-name as xs:string,
   $document-uri as xs:string,
   $database as xs:unsignedLong,
   $role-names as xs:string*
) as empty-sequence()

Summary

Adds the roles ($role-names) to the list of roles granted to the amp ($namespace, $local-name, $document-uri).

Parameters
namespace Namespace of the function to which the amp applies.
local-name Name of function to which the amp applies.
document-uri URI of the document in which the function is located.
database Database ID in which the module is located. If the module is on the filesystem (in the Modules directory), specify xs:unsignedLong(0).
role-names Roles that should be temporarily assumed while the amp is in effect.

Required Privileges

http://marklogic.com/xdmp/privileges/amp-add-roles
and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

If an amp with the given identifiers ($namespace, $local-name, $document-uri) is not found, an error is returned.

If one of $role-names does not correspond to an existing role, an error is returned.

If the current user is limited to granting only his/her roles, and $role is not a subset of the current user's roles, then an error is returned.

This function must be executed against the security database.

Example


(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
    "/MarkLogic/security.xqy";

sec:amp-add-roles(
    "http://marklogic.com/my_modules/myspace",
    "my-amp",
    "/MarkLogic/MyModule.xqy",
    0,
    "Contractor")

(: Adds the "Contractor" role to the list of roles granted to the "my-amp" amp. :)	
 
Powered by MarkLogic Server | Terms of Use | Privacy Policy