
sec.createRole

sec.createRole(
   $role-name as String,
   $description as String?,
   $role-names as String[],
   $permissions as element(sec.permission)[],
   $collections as String[],
   [$compartment as String?],
   [$external-names as String[]],
   [$queries as Object]
) as (Number|String)

Summary

Creates a new role in the system database for the context database.

If $role-name is not unique, an error is returned.

If one of the $role-names does not identify a role, an error is returned.

If the current user is limited to granting only their own roles, and $role-names is not a subset of the current user's roles, then an error is returned.

Returns the role-id.

Parameters
$role-name The name of the role to be created.
$description A description of the role to be created.
$role-names A sequence of role names to which the role is assigned.
$permissions The default permissions for the role.
$collections The default collections for the role.
$compartment The compartment to assign to the role.
$external-names The external names for the role, or an empty sequence if no external names are used.
$queries A map from capabilities (read, update, node-update, and execute) to cts queries of the role.

Required Privileges

http://marklogic.com/xdmp/privileges/create-role or create-data-role
and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles
and, for creating roles with queries:
http://marklogic.com/xdmp/privileges/role-set-queries

Usage Notes

This function must be executed against the security database.

Example


// execute this against the security database.
declareUpdate(); 
const sec = require('/MarkLogic/security.xqy');

sec.createRole(
    "Temporary",
    "Temporary worker access",
    ["filesystem-access"],
    [],
    ["testDocument"])
   
// Creates a new role, named "Temporary", with the default collection
// named testDocument.
  

Example


// execute this against the security database.
declareUpdate(); 
const sec = require('/MarkLogic/security.xqy');
    
sec.createRole(
  "region-NA", 
  "Can see NA documents.",
  [], [], [], "compartment-region", [], 
  {
    "read":cts.elementQuery(xs.QName("metadata"), 
      cts.elementWordQuery(xs.QName("region"), "region-NA"))
  }
) 

// Creates a new role, named "region-NA", with compartment
// "compartment-region". "region-NA" has role queries which allow any user with
// this role to read documents that have "region-NA" in the metadata.
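
The error conditions in the Summary and the privileges listed under Required Privileges can be modeled as a pre-flight check that a deployment script runs before calling sec.createRole. This is an added example in plain JavaScript, not MarkLogic code and not part of the original documentation. The function name, the shape of the request and context objects, the short privilege names, and the sample data are assumptions constructed for illustration.

```javascript
// Added example: a model of the documented checks, not MarkLogic's implementation.
// Privileges are named by the last path segment of the URIs listed on this page.

// request: the arguments intended for sec.createRole (hypothetical shape).
// ctx: constructed snapshot of existing roles and of the calling user.
function preflightCreateRole(request, ctx) {
  const { roleName, roleNames = [], queries = {} } = request;
  const has = (priv) => ctx.userPrivileges.includes(priv);
  const errors = [];

  if (!has('create-role') && !has('create-data-role')) {
    errors.push('missing privilege: create-role or create-data-role');
  }
  // "If $role-name is not unique, an error is returned."
  if (ctx.existingRoles.includes(roleName)) {
    errors.push(`role name is not unique: ${roleName}`);
  }
  // "If one of the $role-names does not identify a role, an error is returned."
  const unknown = roleNames.filter((r) => !ctx.existingRoles.includes(r));
  if (unknown.length > 0) {
    errors.push(`not an existing role: ${unknown.join(', ')}`);
  }
  // Assumption: grant privileges matter only when roles are being assigned.
  if (roleNames.length > 0 && !has('grant-all-roles')) {
    const notHeld = roleNames.filter((r) => !ctx.userRoles.includes(r));
    if (!has('grant-my-roles')) {
      errors.push('missing privilege: grant-all-roles or grant-my-roles');
    } else if (notHeld.length > 0) {
      // A grant-my-roles user may only pass on roles they already hold.
      errors.push(`grant-my-roles does not cover: ${notHeld.join(', ')}`);
    }
  }
  // Role queries need their own privilege.
  if (Object.keys(queries).length > 0 && !has('role-set-queries')) {
    errors.push('missing privilege: role-set-queries');
  }
  return errors;
}

// Constructed sample data: a deployer who holds only filesystem-access.
const sampleCtx = {
  existingRoles: ['admin', 'filesystem-access'],
  userRoles: ['filesystem-access'],
  userPrivileges: ['create-role', 'grant-my-roles'],
};
console.log(preflightCreateRole(
  { roleName: 'Temporary', roleNames: ['filesystem-access', 'admin'] }, sampleCtx));
```

An empty result means none of the documented error conditions apply to the request; the server remains the authority on whether the call succeeds.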
  
