Hi, I'm writing application-level authentication and would like to decline access to a user who doesn't have a specific role assigned, but xdmp:user-roles() returns a role ID and am not sure how to process that. Could someone demystify this or point me in a helpful direction? Thanks, Shannon