Loading TOC...

sec:create-role

sec:create-role(
   $role-name as xs:string,
   $description as xs:string?,
   $role-names as xs:string*,
   $permissions as element(sec:permission)*,
   $collections as xs:string*,
   [$compartment as xs:string?],
   [$external-names as xs:string*]
) as xs:unsignedLong

Summary

Creates a new role in the system database for the context database.

If $role-name is not unique, an error is returned.

If one of the $role-names does not identify a role, an error is returned.

If the current user is limited to granting only his/her roles, and $role-names is not a subset of the current user's roles, then an error is returned.

Returns the role-id.

Parameters
$role-name The name of the role to be created.
$description A description of the role to be created.
$role-names A sequence of role names to which the role is assigned.
$permissions The default permissions for the role.
$collections The default collections for the role.
$compartment The compartment to assign to the role.
$external-names The external names for the role. Or an empty sequence, if no external names are used.

Required Privileges

http://marklogic.com/xdmp/privileges/create-role
and for role assignment:
http://marklogic.com/xdmp/privileges/grant-all-roles or
http://marklogic.com/xdmp/privileges/grant-my-roles

Usage Notes

This function must be executed against the security database.

Example


xquery version "1.0-ml";
import module namespace sec="http://marklogic.com/xdmp/security" at 
    "/MarkLogic/security.xqy";

sec:create-role(
    "Temporary",
    "Temporary worker access",
    ("filesystem-access"),
    (),
    ("testDocument"))
   
(: Creates a new role, named "Temporary," with the default collection, 
   named testDocument. :)  
  

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.