Loading TOC...


   role-name as String,
   description as String?,
   role-names as String[],
   permissions as element(sec.permission)[],
   collections as String[],
   [compartment as String?],
   [external-names as String[]]
) as (Number|String)


Creates a new role in the system database for the context database.

If $role-name is not unique, an error is returned.

If one of the $role-names does not identify a role, an error is returned.

If the current user is limited to granting only his/her roles, and $role-names is not a subset of the current user's roles, then an error is returned.

Returns the role-id.

role-name The name of the role to be created.
description A description of the role to be created.
role-names A sequence of role names to which the role is assigned.
permissions The default permissions for the role.
collections The default collections for the role.
compartment The compartment to assign to the role.
external-names The external names for the role. Or an empty sequence, if no external names are used.

Required Privileges

and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or

Usage Notes

This function must be executed against the security database.


const sec = require('/MarkLogic/security.xqy');

    "Temporary worker access",
// Creates a new role, named "Temporary," with the default collection, 
   named testDocument.   

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.