Appendix: Service Roles

This appendix is a reference guide for service roles in previous versions of MarkLogic Data Hub Service.

2.10.0 to 2.11.0

The following service roles apply to services running MarkLogic Data Hub Service versions 2.10.0 to 2.11.0.

Role Name Role Description
  • data-hub-security-admin
    • Permits an assigned user:
      • To map service roles to LDAP roles.
  • To view the role description, see MarkLogic Data Hub Users and Roles.
  • data-hub-admin
  • data-hub-developer
  • data-hub-operator
  • data-hub-monitor
  • pii-reader
Important: The data-hub-developer and data-hub-operator service roles have additional descriptions in Data Hub Explorer. See Data Hub Explorer Security.
  • data-hub-explorer-architect
  • ODBC User (odbcUser)
    • Permits an assigned user:
      • To use an ODBC client to access the Analytics ODBC endpoint.

2.9.11 and Earlier Versions

The following service roles apply to services running MarkLogic Data Hub Service version 2.9.11 and earlier versions.

Role Identifier Description
Flow Developer (flowDeveloper)

Permits a developer:

  • To create, modify, and upload new or modified modules to the MODULES database.
  • To create, modify, and upload new or modified flows to production.
  • To deploy apps.
  • To configure indexes on either the STAGING database or the FINAL database.
  • To load and configure JSON or XML schemas and TDE templates into the STAGING SCHEMAS database and FINAL SCHEMAS database using the data-hub-ADMIN appserver with the database parameter.
  • To load trigger definitions into the STAGING TRIGGERS database and FINAL TRIGGERS database using the data-hub-ADMIN appserver with the database parameter.
  • To load flows and endpoint modules into the MODULES database using the data-hub-ADMIN appserver with the database parameter. When deploying flow modules used for mapping and/or mastering, the flowDeveloper must grant execute permissions on the modules to the flowOperator.

Flow Operator (flowOperator)

Permits an operator:

  • To load and modify data in the STAGING database and the FINAL database, including:
    • Ingesting data into the data-hub-STAGING database, potentially transforming the data with input flows.
    • Mapping and mastering the data and storing indexable data in the data-hub-FINAL database.
  • To execute a flow (for example, via ml-gradle).
  • To monitor jobs (for example, view records in the JOBS database).

Endpoint Developer (endpointDeveloper)

Permits a developer:

  • To access endpoints and records in the FINAL database.
  • To add documents to the MODULES database.
  • To create endpoints and specify ports.
  • To use Data Services APIs.
  • To configure indexes on the FINAL database.
  • To load and configure JSON or XML schemas into the FINAL SCHEMAS database using the data-hub-ADMIN appserver with the database parameter.
  • To configure TDE templates into the FINAL SCHEMAS database using the data-hub-ADMIN appserver with the database parameter.
  • To load trigger definitions into the FINAL TRIGGERS database using the data-hub-ADMIN appserver with the database parameter.
  • To execute flows and endpoint modules in the MODULES database, if the flowDeveloper has granted execute permissions on the modules.

However, this role:

  • Cannot modify somebody else's flows.
  • Cannot upload TDE templates or update indexes.

This role is comparable to a more restricted flow developer role with only a subset of the flow developer's privileges.

Endpoint User (endpointUser)

Permits an operator:

  • To access harmonized data stored in the FINAL database through DHS endpoints on the data-hub-ANALYTICS or data-hub-OPERATION appservers.

ODBC User (odbcUser)

Permits a user:

  • To access an analytics stack that is configured with an ODBC server.

Service Security Admin (securityAdmin)

Permits an administrator:

  • To create roles that inherit from the default Flow Developer, Flow Operator, Endpoint Developer, and Endpoint User roles.

If your service is configured to use LDAP authentication, this role is mapped to the LDAP group from your Active Directory (AD) server.