Security Roles and Users

Roles

Some security roles are preconfigured in your Data Hub Service (DHS) portal and in each DHS instance you create. Each role is configured with the appropriate privileges to perform certain tasks within its scope.

Portal roles (in AWS) are administrator roles that allow access to the DHS portal, which can have multiple DHS instances.
Instance roles allow access to the content of a specific DHS instance.

Users

User accounts are also restricted within their scope.

Portal user accounts are administrator accounts that can be used to manage the subscription and the DHS instances. Although they can provision, configure, and delete instances, they do not have access to the contents of the databases as instance users do. The first user account is assigned all portal roles.
Instance user accounts are restricted to the instance in which they were created and/or assigned a role.

MarkLogic Data Hub Service does not automatically create user accounts. You must create portal users (in AWS) and instance users and assign the appropriate roles to them.

Important: If you are using an external LDAP service, a user must exist in the external Active Directory before you assign them to DHS instance roles.