es:pii-generate

es:pii-generate(
   $model as map:map
) as document-node()

Summary

This function is deprecated and will not be supported in MarkLogic 11.
Generate an Element Level Security configuration artifact for controlling access to entity properties designated as PII in the model.

Parameters
model A valid basic model.

Usage Notes

The security configuration artifact generated by this function can be used with the Configuration Management API (v3 or later) to define Element Level Security (ELS) protected paths for each entity property designated as PII in the model. The configuration grants read access only to users with the "pii-reader" role. This role is pre-defined by MarkLogic. Calling this function only generates the artifact; it does not itself apply any access control. You must deploy the resulting configuration before your PII access controls can take effect.

See Also

Example

xquery version "1.0-ml";
import module namespace es =
    "http://marklogic.com/entity-services"
    at "/MarkLogic/entity-services/entity-services.xqy";

(: Descriptor for the "People" model, version 4.0.0, with a single entity
 : type, Person. The two es:pii elements designate name and bio as PII;
 : id and rating carry no PII designation.
 :)
let $people-descriptor :=
<es:model xmlns:es="http://marklogic.com/entity-services">
  <es:info>
    <es:title>People</es:title>
    <es:description>People Example</es:description>
    <es:version>4.0.0</es:version>
  </es:info>
  <es:definitions>
    <Person>
      <es:properties>
        <id><es:datatype>int</es:datatype></id>
        <name><es:datatype>string</es:datatype></name>
        <bio><es:datatype>string</es:datatype></bio>
        <rating><es:datatype>float</es:datatype></rating>
      </es:properties>
      <es:required>name</es:required>
      <es:primary-key>id</es:primary-key>
      <es:pii>name</es:pii>
      <es:pii>bio</es:pii>
    </Person>
  </es:definitions>
</es:model>

(: es:pii-generate takes the model as a map:map, so convert the XML
 : descriptor first.
 :)
let $people-model := es:model-from-xml($people-descriptor)

(: This call only builds the configuration artifact. The protected paths do
 : not exist until the artifact is deployed through the Configuration
 : Management API (v3 or later).
 :)
return es:pii-generate($people-model)

(: Returns the following ELS configuration artifact:
 :
 : {"name":"People-4.0.0",
 :   "desc":"A policy that secures name,bio of type Person",
 :   "config":{
 :     "protected-path":[
 :       {"path-expression":"/envelope//instance//Person/name",
 :        "path-namespace":[],
 :        "permission":{"role-name":"pii-reader", "capability":"read"}},
 :       {"path-expression":"/envelope//instance//Person/bio",
 :        "path-namespace":[],
 :        "permission":{"role-name":"pii-reader", "capability":"read"}}
 :     ],
 :     "query-roleset":{"role-name":["pii-reader"]}
 :   }
 : }
 :
 : Points to check when reviewing the artifact:
 :  - There is one protected path per es:pii property (name, bio). Each path
 :    grants only the "read" capability, and only to the "pii-reader" role.
 :  - Every path expression is rooted at /envelope//instance//Person. A copy
 :    of name or bio stored outside that structure is not matched by these
 :    expressions, so confirm that the layout of your instance documents
 :    agrees with them before relying on the policy.
 :  - id and rating are not marked as PII in the model, so the artifact
 :    defines no protected path for them.
 :)
  