Returns the set of all roles assigned to an amp, including roles directly assigned to the amp and roles inherited by other roles.

  xdmp:amp-roles("http://marklogic.com", 
                 "read-docs", 
                 "/app/docs.xqy",
                 239487239487)
  =>(2349872340, 432987324)

Tests whether a user can grant or revoke a set of roles. Raises an error if the session user can not.

  xdmp:can-grant-roles(("development", "qa"))

Returns the collections any new document would get if the current user were to insert a document without specifying the collections.

  xdmp:default-collections()
  =>("http://example.com/docs",
        "http://example.com/manuals")

Returns the permissions any new document would get if the current user were to insert a document without specifying the default permissions.

  xdmp:default-permissions("http://example.com/content/foo.xml")
  =>(<sec:permission>
          <sec:capability>read</sec:capability>
          <sec:role-id>324978243</sec:role-id>
        </sec:permission>,
        <sec:permission>
          <sec:capability>read</sec:capability>
          <sec:role-id>32493478578243</sec:role-id>
        </sec:permission>,
        <sec:permission>
          <sec:capability>update</sec:capability>
          <sec:role-id>32493478578243</sec:role-id>
        </sec:permission>)

Returns the permissions to a given document.

  xdmp:document-get-permissions("chapter5.xml")
  =>(<sec:permission>
          <sec:capability>read</sec:capability>
          <sec:role-id>324978243</sec:role-id>
        </sec:permission>,
        <sec:permission>
          <sec:capability>read</sec:capability>
          <sec:role-id>32493478578243</sec:role-id>
        </sec:permission>,
        <sec:permission>
          <sec:capability>update</sec:capability>
          <sec:role-id>32493478578243</sec:role-id>
        </sec:permission>)

Returns all the current roles, both assigned and inherited by the current user and any received from amps.

  xdmp:get-current-roles()
  =>(2349872340, 432987324)

Returns the name of the current user.

  xdmp:get-current-user()
  =>"ian"

Returns the id of the current user.

  xdmp:get-request-user()
  =>23987236

Tests whether the current user has at least one of a given set of privileges. Returns true if they do, false otherwise.

xdmp:has-privilege("http://myprivs/function-foo", "execute")
  => true if the current user has the execute privilege on a 
     privilege with the URI "http://myprivs/function-foo" 

Returns a permission element in the security namespace corresponding to the named role and capability given.

  xdmp:permission("development", "read")
  =><sec:permission>
          <sec:capability>read</sec:capability>
          <sec:role-id>32497824353</sec:role-id>
       </sec:permission>

Returns the set of all roles that have a given privilege.

  xdmp:privilege-roles(
         "http://marklogic.com/privileges/delete-all", 
         "execute")
  =>(2349872340, 432987324)

Returns the set of all roles inherited by a given role, including roles directly assigned to the role and roles inherited from other roles.

  xdmp:role-roles("vp")
  =>(2349872340, 432987324)

Tests whether the current user has at least one of a given set of privileges. Raises an error if the user does not have any of the privileges.

  xdmp:security-assert("function-foo", "execute")

Returns all roles assigned to a user, including roles directly assigned to the user and roles inherited by other roles.

  xdmp:user-roles("ian")
  =>(2349872340, 432987324)