Loading TOC...

sec.roleSetRoles

sec.roleSetRoles(
   role-name as String,
   role-names as String[]
) as null

Summary

Assigns roles (named $role-names) to be the set of included roles for the role ($role-name). Removes previously assigned roles.

If a role with name equal to $role-name is not found, an error is returned.

If a role name in $role-names does not correspond to an existing role, an error is returned.

If $role-names is the empty sequence, all included roles for the role are removed.

If the current user is limited to granting only his/her roles, and $role-names is not a subset of the current user's roles, then an error is returned.

Parameters
role-name The name of a role.
role-names A sequence containing the names of roles to assign to $role-name.

Required Privileges

http://marklogic.com/xdmp/privileges/role-set-roles
and for role assignment ($role-names not empty sequence):
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example


// execute this against the security database

declareUpdate();  
const sec = require('/MarkLogic/security.xqy');
   
sec.roleSetRoles("Contractor", [Developer", "alert-internal"])

// Assigns the "Developer" and "alert-internal" roles to the "Contractor" 
   role and removes any other roles previously assigned to "Contractor."  

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.