MarkLogic 9 Product Documentationsec:privilege-set-roles
sec:privilege-set-roles( $action as xs:string, $kind as xs:string, $role-names as xs:string* ) as empty-sequence()
Summary
Assigns the privilege ($action,$kind) to have the roles identified by
$role-names. Removes the prviously assigned roles.
If a privilege identified by ($action,$kind) is not found, an error is
returned.
If a role name in $role-names does not correspond to an existing role,
an error is returned.
If $role-names is the empty sequence, all existing roles for the privilege
are removed.
If the current user is limited to granting only his/her roles,
and $role-names is not a subset of the current user's roles, then an error
is returned.
Required Privileges
http://marklogic.com/xdmp/privileges/privilege-set-roles and for role assignment ($role-names not empty sequence):
http://marklogic.com/xdmp/privileges/grant-all-roles orhttp://marklogic.com/xdmp/privileges/grant-my-roles
Usage Notes
This function must be executed against the security database.
Example
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at
"/MarkLogic/security.xqy";
sec:privilege-set-roles(
"http://marklogic.com/xdmp/privileges/mypriv",
"execute", "Contractor")
(: Assigns the privilege with the specified action to the "Contractor" role.
The privilege is removed from any other roles that had previously been
assigned the privilege. :)
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.