Skip to main content

Using MarkLogic Content Pump (mlcp)

Security Considerations

When you use mlcp, you supply the name of a user(s) with which to interact with MarkLogic Server. If the user does not have admin privileges, then the user must have at least the privileges listed in the table below.

Note

Additional privileges may be required. These roles only enable use of MarkLogic Server as a data source or destination. For example, these roles do not grant read or update permissions to the database.

mlcp Command

Privilege

Notes

import

hadoop-user-write

Applies to the username specified with -username. It is recommended that you also set -output_permissions to set the permissions on inserted documents.

export

hadoop-user-read

Applies to the username specified with -username.

copy

hadoop-user-read

(input)

hadoop-user-write

(output)

The -input_username user have the hadoop-user-read privilege on source MarkLogic Server instance.

The -output_username user must have the hadoop-user-write privilege on destination MarkLogic Server instance.

By default, mlcp requires a username and password to be included in the command line options for each job. You can avoid passing a cleartext password between your mlcp client host and MarkLogic Server by using Kerberos for authentication. For details, see Using mlcp with Kerberos.

In this section: