Loading TOC...

sec:protect-path

sec:protect-path(
   $path as xs:string,
   $path-namespaces as element(sec:path-namespace)*,
   $permissions as element(sec:permission)+,
   $path-set as xs:string?
) as xs:unsignedLong

Summary

This function protects the path specified, restricting the ability to view content based on the user's permissions. The function returns the unique ID of the protected path.

Parameters
$path The name of the path to be protected.
$path-namespaces The namespace(s) for the path to be protected.
$permissions The permissions assigned to the protected path.
$path-set The path set assigned to the protected path.

Required Privileges

http://marklogic.com/xdmp/privileges/protect-path

Usage Notes

This function must be executed against the Security database.

If the protected path has a path set, it can only have read permissions.

Compartmented-roles in protected paths from the same set should belong to the same compartment.

Example


 (: execute this against the Security database :)
 
xquery version "1.0-ml"; 
import module namespace sec = "http://marklogic.com/xdmp/security" 
      at "/MarkLogic/security.xqy";
	  
sec:protect-path("/root/bar[@baz=1]", (), (xdmp:permission("els-role-2", "read")))  ,
sec:protect-path("test", (), (xdmp:permission("els-role-2", "read")), "set1"),
sec:protect-path("/root/reg[fn:matches(@expr, 'is')]", (), (xdmp:permission("els-role-2", "read")))
    

Example


 (: execute this against the Security database :)
 
xquery version "1.0-ml"; 
import module namespace sec = "http://marklogic.com/xdmp/security" 
      at "/MarkLogic/security.xqy";
	  
sec:protect-path("/root/ml:bar[@baz=1]", (sec:security-path-namespace("ml", "marklogic.com")),
  (xdmp:permission("els-role-2", "read")))

(: adds a protected path for the element in the ml namespace :)
   

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.