Loading TOC...

sec.privilegeAddRoles

sec.privilegeAddRoles(
   $action as String,
   $kind as String,
   $role-names as String[]
) as null

Summary

Adds the roles ($role-names) to the list of roles assigned to the privilege ($action,$kind).

If a privilege identified by ($action,$kind) is not found, an error is returned.

If one of $role-names does not correspond to an existing role, an error is returned.

If the current user is limited to granting only his/her roles, and $role is not a subset of the current user's roles, then an error is returned.

Parameters
$action The action URI for the privilege. If $kind is a URI privilege, then use the URI to protect for the action parameter.
$kind Either "execute" or "uri".
$role-names Additional roles for the privilege. If $role-names is the empty sequence, the function has no effect.

Required Privileges

http://marklogic.com/xdmp/privileges/privilege-add-roles
and for role assignment: http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example


// execute this against the security database

declareUpdate();  
const sec = require('/MarkLogic/security.xqy');

sec.privilegeAddRoles(
    "http://marklogic.com/xdmp/privileges/unprotected-collections",
    "execute",
    ["Temporary"])
   
// Adds the unprotected-collection execute privilege to the Temporary role.   
   

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.