Custom Roles and Privileges
In addition to the predefined Data Hub roles, you also need to create and deploy custom roles that give you access to your databases in MarkLogic Server.
A custom role can:
- Inherit its privileges from predefined roles. Learn more: Users and Roles
- Use predefined MarkLogic privileges. Learn more: Pre-defined Execute Privileges
- Use your own custom privileges.
You can generate custom roles and privileges in two ways: create them directly in MarkLogic Server, or create and deploy them using Gradle.
For a list of roles that a custom role can inherit:
- Look for roles marked as inheritable in Users and Roles.
- Run the Gradle task hubPrintInheritableRoles.
./gradlew hubPrintInheritableRoles -i
gradlew.bat hubPrintInheritableRoles -i
Create Directly in MarkLogic Server
You can create custom privileges directly in MarkLogic Server using the Admin Interface.
You can create custom roles directly in MarkLogic Server:
Create and Deploy Using Gradle
You can manually create your custom roles and privileges in your development environment and later deploy them to your production environment using Gradle.
- (Optional) Create your custom privileges.
The custom privilege definition is a JSON file that contains the privilege name, the kind of privilege (typically execute), and the action URI.
{
  "privilege-name": "my-custom-privilege-name",
  "kind": "execute",
  "action": "the-URI-of-the-custom-privilege"
}
Note: Store your custom privilege JSON files in the your-project-root/src/main/ml-config/security/privileges directory.
Alternatively, you can define your custom privilege within the privilege array of your custom role definition.
- Create your custom roles with the predefined MarkLogic Server privileges or your custom privileges.
The custom role definition is a JSON file that contains the role name, an optional description, and an array of privileges. Example ():
For a list of MarkLogic Server privileges, see Appendix B: Pre-defined Execute Privileges of the MarkLogic Server Administrator's Guide.
Note: Store your custom role JSON files in the your-project-root/src/main/ml-config/security/roles directory.
- To deploy the new custom roles and privileges to your production environment (whether on-premises or in DHS), run the Gradle task hubDeployAsSecurityAdmin.
./gradlew hubDeployAsSecurityAdmin -PenvironmentName=dhs -i
gradlew.bat hubDeployAsSecurityAdmin -PenvironmentName=dhs -i
See an example that shows how to deploy a custom role to DHS.
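A check to run over the privilege and role files before hubDeployAsSecurityAdmin, as an added example that is not part of the original page or the Data Hub project. It assumes role files use the MarkLogic role keys role-name, role (inherited roles) and privilege, and that the inheritable role names are copied from the hubPrintInheritableRoles output; all sample values are constructed.

```python
import json
import sys
from pathlib import Path

VALID_KINDS = {"execute", "uri"}  # the two privilege kinds MarkLogic defines

def load_defs(directory):
    """Parse each *.json file in a directory; a missing directory yields []."""
    d = Path(directory)
    return [json.loads(p.read_text()) for p in sorted(d.glob("*.json"))] if d.is_dir() else []

def check_security_config(privileges, roles, inheritable):
    """Return a list of findings for parsed privilege and role definitions."""
    findings, custom = [], {}
    for priv in privileges:
        name = priv.get("privilege-name")
        if not name or not priv.get("action"):
            findings.append(f"privilege {name!r}: privilege-name and action are required")
        if priv.get("kind") not in VALID_KINDS:
            findings.append(f"privilege {name!r}: unknown kind {priv.get('kind')!r}")
        custom[name] = (priv.get("action"), priv.get("kind"))
    for role in roles:
        rname = role.get("role-name")
        for parent in role.get("role", []):  # inherited roles (assumed key)
            if parent not in inheritable:
                findings.append(f"role {rname!r}: inherits non-inheritable role {parent!r}")
        for ref in role.get("privilege", []):
            pname = ref.get("privilege-name")
            # A name that matches a custom privilege file must agree with that file.
            if pname in custom and custom[pname] != (ref.get("action"), ref.get("kind")):
                findings.append(f"role {rname!r}: {pname!r} differs from its privilege file")
    return findings

# Constructed sample data, not from the page: the role inherits one role that is
# not in the inheritable set and restates a custom privilege with another action.
SAMPLE_PRIVILEGES = [{"privilege-name": "my-custom-privilege-name", "kind": "execute",
                      "action": "http://example.org/privileges/my-custom"}]
SAMPLE_ROLES = [{"role-name": "my-custom-role", "description": "constructed example",
                 "role": ["constructed-inheritable-role", "constructed-admin-role"],
                 "privilege": [{"privilege-name": "my-custom-privilege-name", "kind": "execute",
                                "action": "http://example.org/privileges/other"}]}]
SAMPLE_INHERITABLE = {"constructed-inheritable-role"}

if __name__ == "__main__":
    root = Path("src/main/ml-config/security")
    roles = load_defs(root / "roles")
    # In a project, pass inheritable role names as arguments; elsewhere use the sample.
    args = ((load_defs(root / "privileges"), roles, set(sys.argv[1:])) if roles
            else (SAMPLE_PRIVILEGES, SAMPLE_ROLES, SAMPLE_INHERITABLE))
    print("\n".join(check_security_config(*args)) or "no findings")
```

Privileges that a role references but that have no file under security/privileges are not flagged, because they may be predefined MarkLogic privileges.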