Enable PII Using QuickStart

Before you begin

You need:

About this task

Procedure

  1. Edit your entity model definition to mark properties as PII.
    1. Start QuickStart and log in to your MarkLogic server.
    2. Edit the entity model. You might have to expand the card to display the entity descriptor.
    3. In the row of the property to designate as PII, click on the PII column.
      Entity properties that are designated as PII have a padlock icon in their PII column.

When you save a model that includes PII entity properties, QuickStart automatically generates security configuration files from the model. Specifically, it performs the following:
  • Deploys the model descriptor to the FINAL database.
  • Requests MarkLogic to generate a security configuration for the PII properties in the model.
  • Saves the resulting configuration files to your project.
The PII security configuration files are saved in the following locations in your project:
  • Protected paths are stored in PROJECT_DIR/src/main/ml-config/security/protected-paths/.
  • Query rolesets are stored in PROJECT_DIR/src/main/ml-config/security/query-rolesets/.
  1. Deploy the generated PII security configuration files to your FINAL database.
    1. Edit gradle.properties, and set mlSecurityUsername and mlSecurityPassword to your MarkLogic Server credentials.
      Important: Your MarkLogic Server account must be assigned both manage-admin and security roles.
    2. Run the Gradle task mlDeploySecurity (or mlDeploy).
      ./gradlew mlDeploySecuritygradlew.bat mlDeploySecurity

Results

After the configuration files are deployed,
  • Only users with the pii-reader role will be able to view PII properties in harmonized documents that they are allowed to view.
  • When the document is displayed to users who do not have the "pii-reader" role, PII properties are omitted entirely (i.e., neither property names nor values are visible).