Loading TOC...

sec.ampAddRoles

sec.ampAddRoles(
   namespace as String,
   local-name as String,
   document-uri as String,
   database as (Number|String),
   role-names as String[]
) as null

Summary

Adds the roles ($role-names) to the list of roles granted to the amp ($namespace, $local-name, $document-uri).

Parameters
namespace Namespace of the function to which the amp applies.
local-name Name of function to which the amp applies.
document-uri URI of the document in which the function is located.
database Database ID in which the module is located. If the module is on the filesystem (in the Modules directory), specify xs:unsignedLong(0).
role-names Roles that should be temporarily assumed while the amp is in effect.

Required Privileges

http://marklogic.com/xdmp/privileges/amp-add-roles
and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

If an amp with the given identifiers ($namespace, $local-name, $document-uri) is not found, an error is returned.

If one of $role-names does not correspond to an existing role, an error is returned.

If the current user is limited to granting only his/her roles, and $role is not a subset of the current user's roles, then an error is returned.

This function must be executed against the security database.

Example


// execute this against the security database

declareUpdate();   
const sec = require('/MarkLogic/security.xqy');

sec.ampAddRoles(
    "http://marklogic.com/my_modules/myspace",
    "my-amp",
    "/MarkLogic/MyModule.xqy",
    0,
    "Contractor")

// Adds the "Contractor" role to the list of roles granted to the "my-amp" amp. 	
 

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.