MarkLogic Server 11.0 Product Documentationsec:protect-path
sec:protect-path( $path as xs:string, $path-namespaces as element(sec:path-namespace)*, $permissions as element(sec:permission)+, $path-set as xs:string? ) as xs:unsignedLong
Summary
This function protects the path specified, restricting the ability to view content based on the user's permissions. The function returns the unique ID of the protected path.
Required Privileges
http://marklogic.com/xdmp/privileges/protect-path
Usage Notes
This function must be executed against the Security database.
If the protected path has a path set, it can only have read permissions.
Compartmented-roles in protected paths from the same set should belong to the same compartment.
Example
(: execute this against the Security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
at "/MarkLogic/security.xqy";
sec:protect-path("/root/bar[@baz=1]", (), (xdmp:permission("els-role-2", "read"))) ,
sec:protect-path("test", (), (xdmp:permission("els-role-2", "read")), "set1"),
sec:protect-path("/root/reg[fn:matches(@expr, 'is')]", (), (xdmp:permission("els-role-2", "read")))
Example
(: execute this against the Security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
at "/MarkLogic/security.xqy";
sec:protect-path("/root/ml:bar[@baz=1]", (sec:security-path-namespace("ml", "marklogic.com")),
(xdmp:permission("els-role-2", "read")))
(: adds a protected path for the element in the ml namespace :)
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.