Administrating MarkLogic Server

Click Security in the left tree menu. A list of security items appears.

Click Roles.

Click the Create tab.

Type in a name for the role in the Role Name field.

Type in a description for the role (optional).

If you want to place the role into the named compartment, enter name of the compartment in the Compartment field. Compartments provide an additional level of organization and control by grouping together related roles. They act as a higher-level container for roles and can be used to define access privileges for a specific set of resources. For example, you may have a compartment called "Finance" that contains roles such as "Finance Manager," "Accountant," and "Auditor."

If a document has any permissions (role/capability pairs) with roles that have a compartment, then the user must have those roles with each of the compartments (regardless of which permission they are in) to perform any of the capabilities.

If the role is to be mapped to an LDAP group or an OAuth group, enter one or more group names in the External Names section. For details on external authorization, see External Security in Securing MarkLogic Server.

Under the Roles section, select the roles from which this role will inherit.

Under the Execute Privileges section, select from the available execute privileges to associate with the role.

Under the URI Privileges section, select the available URI privileges to associate with the role.

Create default permissions for this role (optional). Select a role and pair the role with the appropriate capability (read, insert, update). If there are more than 3 default permissions you want to add for this role, you can do so on the next screen after you click OK.

Create default collections for this role (optional). Type in the collection URI for each collection you want to add to the role’s default collections. If there are more than 3 default permissions you want to add for this user, you can do so on the next screen after you click OK.

Click OK.