Loading TOC...


   $model as map:map
) as document-node()


This function is deprecated and will be removed in a future release.
Generate an Element Level Security configuration artifact for controlling access to entity properties designated as PII in the model.

model A valid basic model.

Usage Notes

The security configuration artifact generated by this function can be used with the Configuration Management API (v3 or later) to define Element Level Security (ELS) protected paths for each entity property designated as PII in the model. The configuration grants read access only to users with the "pii-reader" role. This role is pre-defined by MarkLogic. You must deploy the resulting configuration before your PII access controls can take effect.

See Also


xquery version "1.0-ml";
import module namespace es =
    at "/MarkLogic/entity-services/entity-services.xqy";

let $model-desc :=
<es:model xmlns:es="http://marklogic.com/entity-services">
    <es:description>People Example</es:description>

return es:pii-generate(

(: Returns the following ELS configuration artifact:
 : {"name":"People-4.0.0", 
 :   "desc":"A policy that secures name,bio of type Person", 
 :   "config":{
 :     "protected-path":[
 :       {"path-expression":"/envelope//instance//Person/name", 
 :        "path-namespace":[], 
 :        "permission":{"role-name":"pii-reader", "capability":"read"}}, 
 :       {"path-expression":"/envelope//instance//Person/bio", 
 :        "path-namespace":[], 
 :        "permission":{"role-name":"pii-reader", "capability":"read"}}
 :     ], 
 :     "query-roleset":{"role-name":["pii-reader"]}
 :   }
 : }

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.