sec:amp-set-roles( $namespace as xs:string, $local-name as xs:string, $document-uri as xs:string, $database as xs:unsignedLong, $role-names as xs:string* ) as empty-sequence()
Assigns the amp identified by $namespace, $local-name and $document-uri
to have the roles identified by $roles-names. Removes previously
assigned roles.
If an amp with the given identifiers does not exist, an error is
returned.
If a role name in $role-names does not correspond to an existing role,
an error is returned.
If $role-names is the empty sequence, all roles assigned to the amp are
removed.
If the current user is limited to granting only his/her roles,
and $role-names is not a subset of the current user's roles, then an
error is returned.
http://marklogic.com/xdmp/privileges/amp-set-roles
http://marklogic.com/xdmp/privileges/grant-all-roles
orhttp://marklogic.com/xdmp/privileges/grant-my-roles
This function must be executed against the security database.
(: execute this against the security database :) xquery version "1.0-ml"; import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy"; sec:amp-set-roles( "http://marklogic.com/my_modules/myspace", "my-amp", "/MarkLogic/MyModule.xqy", 0, ("Developer", "Temporary")) (: Sets the "Developer" and "Temporary" rolea as the roles granted to the "my-amp" amp. Any other roles previously in the list are removed. :)