Loading TOC...

sec:amp-remove-roles

sec:amp-remove-roles(
   $namespace as xs:string,
   $local-name as xs:string,
   $document-uri as xs:string,
   $database as xs:unsignedLong,
   $role-names as xs:string*
) as empty-sequence()

Summary

Removes a role ($role-name) from the set of roles included by the amp ($namespace, $local-name, $document-uri).

Parameters
$namespace Namespace of the function to which the amp applies.
$local-name Name of function to which the amp applies.
$document-uri URI of the document in which the function is located.
$database Database ID in which the module is located. If the module is on the filesystem (in the Modules directory), specify xs:unsignedLong(0).
$role-names Roles that should be temporarily assumed while the amp is in effect.

Required Privileges

http://marklogic.com/xdmp/privileges/amp-remove-roles
and for role removal:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

If one of $role-names does not correspond to an existing role, an error is returned.

If an amp idnetified by ($namespace, $local-name, $document-uri) is not found then an error is returned.

If the current user is limited to granting only his/her roles, and $role-name is not a subset of the current user's roles, then an error is returned.

This function must be executed against the security database.

Example


(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
    "/MarkLogic/security.xqy";
  
sec:amp-remove-roles(
    "http://marklogic.com/my_modules/myspace",
    "my-amp",
    "/MarkLogic/MyModule.xqy",
    0,
    "Developer")

(: Removes the "Developer" role from the list of roles granted to the "my-amp" amp. :)
   

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.