Doesn't https://docs.marklogic.com/xdmp:privilege-roles do that?

If not, I would start with those roles and recurse. You can look up an entire 
generation of inheritance in each query, and stop when there's nothing more to 
do. In most cases I'd expect that to be faster than checking every role 
individually.

-- Mike

On 24 Jun 2014, at 07:49, Demian Hess <[email protected]> wrote:

> Given a specific execute privilege, I need to generate a list of roles that 
> have that privilege--including the roles that have inherited the privilege.
> 
> I can call sec:privilege-get-roles() to get the roles to which the privilege 
> is directly attached. However, I don't think it returns the roles that 
> inherit the privilege (please correct me if I am wrong!).
> 
> I can call sec:role-privileges($rolename) to get a list of the privileges and 
> inherited privileges. However, this assumes that I already know the role name.
> 
> I could get a list of all roles and iterate over them and call 
> role-privileges(), but that seems wasteful.
> 
> Is there a better way?
> 
> -- 
> Demian Hess
> Architect | Avalon Consulting, LLC
> M: 301.943.8307 | Fax: 845.367.5496
> LinkedIn: http://www.linkedin.com/company/avalon-consulting-llc
> Google+: http://www.google.com/+AvalonConsultingLLC
> Twitter:    https://twitter.com/avalonconsult
> 
> _______________________________________________
> General mailing list
> [email protected]
> http://developer.marklogic.com/mailman/listinfo/general
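
Added example, not part of the original thread and not MarkLogic code: a Python model of the approach in the reply above, starting from the roles that hold the privilege directly and resolving one generation of inheritance per lookup until a generation adds nothing new. The role names, the privilege name and the `inheritors_of` helper are constructed for illustration; the helper stands in for a single set-based query against the security data.

```python
# Constructed sample data: these role names and grants are illustrative only.
# INHERITS[r] = roles that r inherits from (r gains their privileges).
INHERITS = {
    "app-admin": {"app-editor"},
    "app-editor": {"app-reader"},
    "app-reader": set(),
    "auditor": {"app-reader"},
    "ops": {"app-admin", "ops-legacy"},
    "ops-legacy": {"ops"},        # inheritance cycle, must not loop forever
    "guest": set(),
}
# DIRECT[p] = roles the privilege is attached to directly.
DIRECT = {"my-exec-priv": {"app-editor"}}


def inheritors_of(parents, stats):
    """One 'query': every role that directly inherits any role in `parents`.
    Hypothetical helper standing in for a single set-based lookup."""
    stats["queries"] += 1
    return {r for r, ups in INHERITS.items() if ups & parents}


def roles_with_privilege(privilege):
    """Direct holders plus every role that inherits from them, one generation
    of inheritance per lookup, stopping when a generation adds nothing new."""
    stats = {"queries": 0}
    found = set(DIRECT.get(privilege, ()))
    frontier = set(found)
    while frontier:
        # Dropping already-seen roles is what terminates on cycles.
        frontier = inheritors_of(frontier, stats) - found
        found |= frontier
    return found, stats["queries"]


if __name__ == "__main__":
    roles, queries = roles_with_privilege("my-exec-priv")
    print(sorted(roles), "lookups:", queries, "of", len(INHERITS), "roles")
```

The number of lookups follows the depth of the inheritance chain above the direct holders rather than the total number of roles, and roles that only sit below a holder in the chain (here `app-reader` and `auditor`) are never reported.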
