Roles and Users


Roles are predefined in your Data Hub Service (DHS) portal and in each service you create. Each role is predefined with the appropriate privileges to perform certain tasks within its scope.

  • Portal roles are administrator roles that enable access to and perform management and operational tasks in the DHS portal.
  • Service roles enable access to and content management of a specific service.



User accounts can be configured in your DHS portal, in each service you create, and in an external authentication provider. Each user account type is restricted within their scope.

MarkLogic Data Hub Service does not automatically create user accounts. You must create portal users and service users and assign the appropriate roles to them.

  • Portal user accounts are administrator accounts used to manage the DHS portal and assigned portal roles. Although they can create, edit, and delete services, they do not have access to the contents of the databases as service users do.
    • Note: The first portal user to log into the portal is automatically assigned all portal roles. Additional portal users who log in are restricted until the first portal user assigns portal roles to them.
  • Service user accounts are restricted to the service in which they were created and assigned service roles.
    • Internal service users are user accounts configured using the portal and assigned service roles.
      • Note: Internal service users can only be assigned the service roles predefined in the DHS portal.
    • External service users are user accounts configured using an external authentication provider and assigned service roles. For details, see LDAP.
      • Note: External service users can be assigned the service roles predefined in the DHS portal or custom roles. For details about custom roles, see Custom Roles and Privileges.
      • Important: If using an external LDAP server, one or more users must exist in the Security Admin DN in the external LDAP server before you can map service roles to LDAP roles.