sec.ampRemoveRoles( namespace as String, local-name as String, document-uri as String, database as (Number|String), role-names as String[] ) as null
Removes a role ($role-name) from the set of roles included by the amp ($namespace, $local-name, $document-uri).
http://marklogic.com/xdmp/privileges/amp-remove-roles
http://marklogic.com/xdmp/privileges/grant-all-roles
orhttp://marklogic.com/xdmp/privileges/grant-my-roles
If one of $role-names does not correspond to an existing role, an error is returned.
If an amp idnetified by ($namespace, $local-name, $document-uri) is not found then an error is returned.
If the current user is limited to granting only his/her roles, and $role-name is not a subset of the current user's roles, then an error is returned.
This function must be executed against the security database.
// execute this against the security database declareUpdate(); const sec = require('/MarkLogic/security.xqy'); sec.ampRemoveRoles( "http://marklogic.com/my_modules/myspace", "my-amp", "/MarkLogic/MyModule.xqy", 0, "Developer") // Removes the "Developer" role from the list of roles granted to the "my-amp" amp.