sec:protect-path(
   $path as xs:string,
   $path-namespaces as element(sec:path-namespace)*,
   $permissions as element(sec:permission)+,
   $path-set as xs:string?
) as xs:unsignedLong
This function protects the path specified, restricting the ability to view content based on the user's permissions. The function returns the unique ID of the protected path.
Required privilege: http://marklogic.com/xdmp/privileges/protect-path
This function must be executed against the Security database.
If the protected path has a path set, it can only have read permissions.
Compartmented roles in protected paths from the same set should belong to the same compartment.
(: execute this against the Security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

sec:protect-path("/root/bar[@baz=1]", (),
  (xdmp:permission("els-role-2", "read"))),
sec:protect-path("test", (),
  (xdmp:permission("els-role-2", "read")), "set1"),
sec:protect-path("/root/reg[fn:matches(@expr, 'is')]", (),
  (xdmp:permission("els-role-2", "read")))

(: execute this against the Security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

(: adds a protected path for the element in the ml namespace :)
sec:protect-path("/root/ml:bar[@baz=1]",
  (sec:security-path-namespace("ml", "marklogic.com")),
  (xdmp:permission("els-role-2", "read")))
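
The following is an added example, not part of the original reference page. It shows one way to meet the Security-database requirement from a request running against any other database, while placing several paths in one path set with read-only permissions. The two paths and the set name are constructed sample values, the role "els-role-2" is assumed to exist, and the `<update>` eval option assumes MarkLogic 9 or later.

```xquery
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

(: Constructed sample values; the role "els-role-2" is assumed to exist. :)
declare variable $paths as xs:string+ := ("/root/bar[@baz=1]", "/root/reg");
declare variable $path-set as xs:string := "set1";

(: Evaluate the calls in the Security database, whichever database
   the calling request itself is running against. :)
xdmp:invoke-function(
  function() {
    for $p in $paths
    return
      (: A path that belongs to a path set may carry read permissions only,
         so only the "read" capability is granted here. :)
      sec:protect-path($p, (),
        xdmp:permission("els-role-2", "read"), $path-set)
  },
  <options xmlns="xdmp:eval">
    <database>{xdmp:security-database()}</database>
    <update>true</update>
  </options>
)
```

The call yields the protected-path IDs returned by each `sec:protect-path` invocation, in the order of `$paths`.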