Using Granular Privileges with MarkLogic Data Hub Service
MarkLogic Data Hub Service (DHS) provides a managed instance in which to deploy an operational data hub created using MarkLogic Data Hub.
The following roles are built into DHS:
Amazon Web Services (AWS)
Microsoft Azure
The following rules apply to granular privileges on a data hub:
A user assigned the Security Admin service role cannot delete or modify privileges for these or any other pre-built roles, and these pre-built roles cannot inherit privileges.
When a user assigned the Security Admin service role creates a DHS custom role, that role initially has no pre-built roles associated with it.
Custom roles in DHS can inherit functionality from the pre-built DHS roles, from other DHS custom roles, or they can be created to have no inheritance, but you cannot assign any privileges to DHS custom roles.
DHS custom roles cannot inherit privileges from any other (non-DHS) pre-built MarkLogic Server roles.
You can change the external name for a DHS custom role, but the internal name stays constant.