MarkLogic 9 Product Documentation
es:pii-generate

es:pii-generate(
   $model as map:map
) as document-node()

Summary

This function is deprecated and will not be supported in MarkLogic 11.
Generate an Element Level Security configuration artifact for controlling access to entity properties designated as PII in the model.

Parameters
model A valid basic model.

Usage Notes

The security configuration artifact generated by this function can be used with the Configuration Management API (v3 or later) to define Element Level Security (ELS) protected paths for each entity property designated as PII in the model. The configuration grants read access only to users with the "pii-reader" role. This role is pre-defined by MarkLogic. You must deploy the resulting configuration before your PII access controls can take effect.

See Also

Example

xquery version "1.0-ml";
import module namespace es =
    "http://marklogic.com/entity-services"
    at "/MarkLogic/entity-services/entity-services.xqy";

let $model-desc :=
<es:model xmlns:es="http://marklogic.com/entity-services">
  <es:info>
    <es:title>People</es:title>
    <es:description>People Example</es:description>
    <es:version>4.0.0</es:version>
  </es:info>
  <es:definitions>
    <Person>
      <es:properties>
        <id><es:datatype>int</es:datatype></id>
        <name><es:datatype>string</es:datatype></name>
        <bio><es:datatype>string</es:datatype></bio>
        <rating><es:datatype>float</es:datatype></rating>
      </es:properties>
      <es:required>name</es:required>
      <es:primary-key>id</es:primary-key>
      <es:pii>name</es:pii>
      <es:pii>bio</es:pii>
    </Person>
  </es:definitions>
</es:model>

return es:pii-generate(
  es:model-from-xml($model-desc)
)

(: Returns the following ELS configuration artifact:
 :
 : {"name":"People-4.0.0", 
 :   "desc":"A policy that secures name,bio of type Person", 
 :   "config":{
 :     "protected-path":[
 :       {"path-expression":"/envelope//instance//Person/name", 
 :        "path-namespace":[], 
 :        "permission":{"role-name":"pii-reader", "capability":"read"}}, 
 :       {"path-expression":"/envelope//instance//Person/bio", 
 :        "path-namespace":[], 
 :        "permission":{"role-name":"pii-reader", "capability":"read"}}
 :     ], 
 :     "query-roleset":{"role-name":["pii-reader"]}
 :   }
 : }
 :)
  
Powered by MarkLogic Server | Terms of Use | Privacy Policy