Setting Document Permissions

When you create documents in a database, you must think about setting permissions on the document. If a document has no permission set on it, no one, other than users with the admin role, can read, update, insert, or delete it. Additionally, non-admin users must add update permissions on documents when creating them; attempts to create a document without at least one update permission result in an XDMP-MUSTHAVEUPDATE exception.

You set document permissions in the following ways:

• Explicitly set permissions on a document at load time (as a parameter to xdmp:document-load() or xdmp:document-insert(), for example).

• Explicitly set and remove permissions on a document using the following functions:

  • xdmp:document-add-permissions()

  • xdmp:document-set-permissions()

  • xdmp:document-remove-permissions()

• Implicitly set permissions when the document is created based on the default permissions of the user who creates the documents. Permissions are applied to a document at document creation time based on the default permissions of the user who creates the document.

For examples of setting permissions on documents, see Example—Using Permissions.