I am running as a user without the admin role. The account has been granted execute for the http://marklogic.com/xdmp/privileges/get-role
privilege as required for the sec:role-exists()
call. I had to create the privilege manually as it was not included out of the box, as resolved in this thread:
How to grant http://marklogic.com/xdmp/privileges/get-role privilege?
But now, with the privilege added, the call always returns false, whereas if I run as admin, it works fine. Running xdmp:permission()
with this user referencing an existing role works fine.
You should be running as a user who has the security role, since it needs to read documents whose permissions only grant read access to that role.