sec:privilege-set-roles( $action as xs:string, $kind as xs:string, $role-names as xs:string* ) as empty-sequence()
Assigns the privilege ($action,$kind) to have the roles identified by
$role-names. Removes the prviously assigned roles.
If a privilege identified by ($action,$kind) is not found, an error is
returned.
If a role name in $role-names does not correspond to an existing role,
an error is returned.
If $role-names is the empty sequence, all existing roles for the privilege
are removed.
If the current user is limited to granting only his/her roles,
and $role-names is not a subset of the current user's roles, then an error
is returned.
http://marklogic.com/xdmp/privileges/privilege-set-roles
http://marklogic.com/xdmp/privileges/grant-all-roles
orhttp://marklogic.com/xdmp/privileges/grant-my-roles
This function must be executed against the security database.
(: execute this against the security database :) xquery version "1.0-ml"; import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy"; sec:privilege-set-roles( "http://marklogic.com/xdmp/privileges/mypriv", "execute", "Contractor") (: Assigns the privilege with the specified action to the "Contractor" role. The privilege is removed from any other roles that had previously been assigned the privilege. :)