JavaScript sec.createRole

MarkLogic 9 Product Documentation
sec:create-role

sec:create-role(
   $role-name as xs:string,
   $description as xs:string?,
   $role-names as xs:string*,
   $permissions as element(sec:permission)*,
   $collections as xs:string*,
   [$compartment as xs:string?],
   [$external-names as xs:string*]
) as xs:unsignedLong

Summary

Creates a new role in the system database for the context database.

If $role-name is not unique, an error is returned.

If one of the $role-names does not identify a role, an error is returned.

If the current user is limited to granting only his/her roles, and $role-names is not a subset of the current user's roles, then an error is returned.

Returns the role-id.

Parameters
role-name The name of the role to be created.
description A description of the role to be created.
role-names A sequence of role names to which the role is assigned.
permissions The default permissions for the role.
collections The default collections for the role.
compartment The compartment to assign to the role.
external-names The external names for the role. Or an empty sequence, if no external names are used.

Required Privileges

http://marklogic.com/xdmp/privileges/create-role
and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example


xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
    "/MarkLogic/security.xqy";

sec:create-role(
    "Temporary",
    "Temporary worker access",
    ("filesystem-access"),
    (),
    ("testDocument"))
   
(: Creates a new role, named "Temporary," with the default collection, 
   named testDocument. :)
Powered by MarkLogic Server | Terms of Use | Privacy Policy