Loading TOC...


   $action as xs:string,
   $kind as xs:string,
   $role-names as xs:string*
) as empty-sequence()


Assigns the privilege ($action,$kind) to have the roles identified by $role-names. Removes the prviously assigned roles.

If a privilege identified by ($action,$kind) is not found, an error is returned.

If a role name in $role-names does not correspond to an existing role, an error is returned.

If $role-names is the empty sequence, all existing roles for the privilege are removed.

If the current user is limited to granting only his/her roles, and $role-names is not a subset of the current user's roles, then an error is returned.

action The action URI for the privilege. If $kind is a URI privilege, then use the URI to protect for the action parameter.
kind Either "execute" or "uri".
role-names New roles that can perform this action. All previously assigned roles will be removed. If $role-names is the empty sequence, the privilege will have no roles assigned.

Required Privileges

and for role assignment ($role-names not empty sequence):
http://marklogic.com/xdmp/privileges/grant-all-roles or

Usage Notes

This function must be executed against the security database.


(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
     "execute", "Contractor")

(: Assigns the privilege with the specified action to the "Contractor" role.
   The privilege is removed from any other roles that had previously been  
   assigned the privilege. :)

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.