MarkLogic Server 11.0 Product Documentation
sec:privilege-remove-roles

sec:privilege-remove-roles(
   $action as xs:string,
   $kind as xs:string,
   $role-names as xs:string*
) as empty-sequence()

Summary

Removes roles ($role-names) from the roles assigned to the privilege ($action,$kind).

If a privilege identified by ($action,$kind) is not found, an error is returned.

If one of $role-names does not correspond to an existing role, an error is returned.

If the current user is limited to granting only his/her roles, and $role is not a subset of the current user's roles, then an error is returned.

Parameters
action The action URI for the privilege. If $kind is a URI privilege, then use the URI to protect for the action parameter.
kind Either "execute" or "uri".
role-names Additional roles for the privilege. If $role-names is the empty sequence, the function has no effect.

Required Privileges

http://marklogic.com/xdmp/privileges/privilege-remove-roles
and for role removal:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example


(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
    "/MarkLogic/security.xqy";
 
sec:privilege-remove-roles(
    "http://marklogic.com/xdmp/privileges/mypriv", 
    "execute", "Contractor")
  
(: Removes the specified privilege from the "Contractor" role. :) 
Powered by MarkLogic Server | Terms of Use | Privacy Policy