
sec.createRole( role-name as String, description as String?, role-names as String[], permissions as element(sec.permission)[], collections as String[], [compartment as String?], [external-names as String[]], [queries as Object] ) as (Number|String)
Creates a new role in the system database for the context
database.
If $role-name is not unique, an error is returned.
If one of the $role-names does not identify a role, an error
is returned.
If the current user is limited to granting only their own roles,
and $role-names is not a subset of the current user's roles, then an
error is returned.
Returns the role-id.
Required privileges:
http://marklogic.com/xdmp/privileges/create-role or create-data-role
http://marklogic.com/xdmp/privileges/grant-all-roles or http://marklogic.com/xdmp/privileges/grant-my-roles
http://marklogic.com/xdmp/privileges/role-set-queries
This function must be executed against the security database.
// Run this against the security database; sec.createRole must execute there.
declareUpdate();
const sec = require('/MarkLogic/security.xqy');

// Arguments are named here in signature order:
// role-name, description, role-names, permissions, collections.
const roleName = "Temporary";
const description = "Temporary worker access";
// Every entry in role-names must identify an existing role, otherwise
// sec.createRole returns an error. A caller limited to granting only its own
// roles must itself hold each role listed here.
const roleNames = ["filesystem-access"];
const permissions = [];
const collections = ["testDocument"];

sec.createRole(roleName, description, roleNames, permissions, collections);
// Result: a new role named "Temporary" whose default collection is
// testDocument. The call returns the role-id.
// NOTE(review): the role is created with "filesystem-access" in its
// role-names; confirm that a temporary-worker role is meant to carry it.
// Run this against the security database; sec.createRole must execute there.
declareUpdate();
const sec = require('/MarkLogic/security.xqy');

// Role query for the "read" capability: a <metadata> element containing a
// <region> element with the word "region-NA".
const metadataName = xs.QName("metadata");
const regionWordQuery = cts.elementWordQuery(xs.QName("region"), "region-NA");
const roleQueries = {
  "read": cts.elementQuery(metadataName, regionWordQuery),
};

// Positional arguments: role-name, description, role-names, permissions,
// collections, compartment, external-names, queries. The empty arrays leave
// role-names, permissions, collections and external-names unset.
sec.createRole(
  "region-NA",
  "Can see NA documents.",
  [],
  [],
  [],
  "compartment-region",
  [],
  roleQueries
);
// Result: a new role named "region-NA" in compartment "compartment-region".
// Its role queries allow any user with this role to read documents that have
// "region-NA" in the metadata.
// NOTE(review): presumably the role-set-queries privilege listed for this
// function is what authorizes passing queries; confirm against the
// privilege documentation.