Loading TOC...


   $namespace as xs:string,
   $local-name as xs:string,
   $document-uri as xs:string,
   $database as xs:unsignedLong,
   $role-names as xs:string*
) as empty-sequence()


Removes a role ($role-name) from the set of roles included by the amp ($namespace, $local-name, $document-uri).

$namespace Namespace of the function to which the amp applies.
$local-name Name of function to which the amp applies.
$document-uri URI of the document in which the function is located.
$database Database ID in which the module is located. If the module is on the filesystem (in the Modules directory), specify xs:unsignedLong(0).
$role-names Roles that should be temporarily assumed while the amp is in effect.

Required Privileges

and for role removal:
http://marklogic.com/xdmp/privileges/grant-all-roles or

Usage Notes

If one of $role-names does not correspond to an existing role, an error is returned.

If an amp idnetified by ($namespace, $local-name, $document-uri) is not found then an error is returned.

If the current user is limited to granting only his/her roles, and $role-name is not a subset of the current user's roles, then an error is returned.

This function must be executed against the security database.


(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 

(: Removes the "Developer" role from the list of roles granted to the "my-amp" amp. :)

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.