sec:privilege-remove-roles( $action as xs:string, $kind as xs:string, $role-names as xs:string* ) as empty-sequence()
Removes roles ($role-names) from the roles assigned to the privilege
($action,$kind).
If a privilege identified by ($action,$kind) is not found, an error is
returned.
If one of $role-names does not correspond to an existing role,
an error is returned.
If the current user is limited to granting only his/her roles,
and $role is not a subset of the current user's roles, then an error
is returned.
http://marklogic.com/xdmp/privileges/privilege-remove-roles
http://marklogic.com/xdmp/privileges/grant-all-roles
orhttp://marklogic.com/xdmp/privileges/grant-my-roles
This function must be executed against the security database.
(: execute this against the security database :) xquery version "1.0-ml"; import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy"; sec:privilege-remove-roles( "http://marklogic.com/xdmp/privileges/mypriv", "execute", "Contractor") (: Removes the specified privilege from the "Contractor" role. :)