Configuring security

rjrudin edited this page Aug 21, 2018 · 9 revisions

"Configuring security" in the context of this page refers to configuring which MarkLogic user is used for each job that ml-gradle performs during a deployment.

ml-gradle supports different MarkLogic user accounts for the various jobs performed during a deployment. See the sample project gradle.properties file for an example of configuring those accounts. The Property Reference also provides information about these accounts, which are summarized below:

  1. mlUsername/mlPassword = default user that is used when any of the below are not specified
  2. mlRestAdminUsername/mlRestAdminPassword = for loading modules; the user must have the "rest-admin" role. Non-REST modules are loaded via port 8000, and REST modules (e.g. resources, options, transforms) are by default loaded via the port defined by mlRestPort. See How modules are loaded for more information.
  3. mlManageUsername/mlManagePassword = for talking to the Manage server on port 8002; the user must have the "manage-admin" role
  4. 3.4.0 and later - mlSecurityUsername/mlSecurityPassword = for talking to Security endpoints on port 8002 that require a user with both the "manage-admin" and "security" roles.
  5. Prior to 3.4.0 - mlAdminUsername/mlAdminPassword = for talking to the Admin server on port 8001 and for the Security endpoints that require a user with both the "manage-admin" and "security" roles (which is often an admin user)

Also see Connecting to the Manage API for more information on how to control the connection to the Manage API.

Regarding mlSecurityUsername (3.4.0 and later) and mlAdminUsername (prior to 3.4.0) - the specific use case for this is when you want to create an application-specific user with at least the manage-admin role, but you need some existing user in order to perform that operation. Often, that is the MarkLogic admin user. But you may also have an existing user that has both the manage-admin and security roles, and you wish to use this instead, thus limiting the use of the admin user as much as possible (always a good goal).

The change from "mlAdminUsername" to "mlSecurityUsername" in 3.4.0 was made to make this distinction more clear - an admin user isn't required, simply a user with the "security" role, in addition to "manage-admin".
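The account split described above, sketched as a gradle.properties fragment for ml-gradle 3.4.0 and later. This is an added example, not the sample project's file; the user names and password placeholders are constructed, and each user is assumed to already exist in MarkLogic with the roles named in the comments.

```properties
# Weak: one account for every job. With only the default set, every other
# account falls back to it, so the admin user performs the whole deployment.
# mlUsername=admin
# mlPassword=<admin-password-placeholder>

# Separated: one account per job (all names below are constructed).

# Default, used for any job that has no account of its own below
mlUsername=myapp-deployer
mlPassword=<placeholder>

# Loading modules; the user must have the "rest-admin" role
mlRestAdminUsername=myapp-rest-admin
mlRestAdminPassword=<placeholder>

# Manage server on port 8002; the user must have the "manage-admin" role
mlManageUsername=myapp-manage-admin
mlManagePassword=<placeholder>

# Security endpoints on port 8002; the user must have both the "manage-admin"
# and "security" roles. It does not have to be the MarkLogic admin user.
# Prior to 3.4.0, set mlAdminUsername/mlAdminPassword instead.
mlSecurityUsername=myapp-security
mlSecurityPassword=<placeholder>
```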
