MarkLogic 12 EA 1 Product Documentation
sec:amp-remove-roles

sec:amp-remove-roles(
   $namespace as xs:string,
   $local-name as xs:string,
   $document-uri as xs:string,
   $database as xs:unsignedLong,
   $role-names as xs:string*
) as empty-sequence()

Summary

Removes a role ($role-name) from the set of roles included by the amp ($namespace, $local-name, $document-uri).

Parameters
namespace Namespace of the function to which the amp applies.
local-name Name of function to which the amp applies.
document-uri URI of the document in which the function is located.
database Database ID in which the module is located. If the module is on the filesystem (in the Modules directory), specify xs:unsignedLong(0).
role-names Roles that should be temporarily assumed while the amp is in effect.

Required Privileges

http://marklogic.com/xdmp/privileges/amp-remove-roles
and for role removal:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

If one of $role-names does not correspond to an existing role, an error is returned.

If an amp idnetified by ($namespace, $local-name, $document-uri) is not found then an error is returned.

If the current user is limited to granting only his/her roles, and $role-name is not a subset of the current user's roles, then an error is returned.

This function must be executed against the security database.

Example


(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
    "/MarkLogic/security.xqy";
  
sec:amp-remove-roles(
    "http://marklogic.com/my_modules/myspace",
    "my-amp",
    "/MarkLogic/MyModule.xqy",
    0,
    "Developer")

(: Removes the "Developer" role from the list of roles granted to the "my-amp" amp. :)
   
Powered by MarkLogic Server | Terms of Use | Privacy Policy