MarkLogic 10 Product Documentation
sec.ampSetRoles

sec.ampSetRoles(
   namespace as String,
   local-name as String,
   document-uri as String,
   database as (Number|String),
   role-names as String[]
) as null

Summary

Assigns the amp identified by $namespace, $local-name and $document-uri to have the roles identified by $roles-names. Removes previously assigned roles.

If an amp with the given identifiers does not exist, an error is returned.

If a role name in $role-names does not correspond to an existing role, an error is returned.

If $role-names is the empty sequence, all roles assigned to the amp are removed.

If the current user is limited to granting only his/her roles, and $role-names is not a subset of the current user's roles, then an error is returned.

Parameters
namespace Namespace of the function to which the amp applies.
local-name Name of function to which the amp applies.
document-uri URI of the document in which the function is located.
database Database ID in which the module is located. If the module is on the filesystem (in the Modules directory), specify xs:unsignedLong(0).
role-names Roles that should be temporarily assumed while the amp is in effect.

Required Privileges

http://marklogic.com/xdmp/privileges/amp-set-roles
and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example


// execute this against the security database

declareUpdate();  
const sec = require('/MarkLogic/security.xqy');
   
sec.ampSetRoles(
    "http://marklogic.com/my_modules/myspace",
    "my-amp",
    "/MarkLogic/MyModule.xqy",
    0,
    ["Developer", "Temporary"])
 
// Sets the "Developer" and "Temporary" rolea as the roles granted to the "my-amp" amp. 
   Any other roles previously in the list are removed. 
   
Powered by MarkLogic Server | Terms of Use | Privacy Policy