Accelerate the Value of Data

Roles and Permissions for Match IQ Application

You can assign appropriate roles and permissions to different users of the Match IQ application.

System Roles

The following system roles are available to run an external match, tenant match, and manage models:

  • ROLE_API, ROLE_USER - With these roles, a user can access the user interface of the Match IQ application.
  • ROLE_USER_MATCHIQ_EXTERNAL_MATCH - With this role, a user can run an external match job by using a ML model.
  • ROLE_USER_MATCHIQ_TRAIN_MODEL - With this role, a user can create and train the ML models but cannot delete a published model.
  • ROLE_USER_MATCHIQ_PUBLISH_MODEL - With this role, a user can publish the approved models. The user assigned to this role must also have a role (for example, ROLE_ADMIN_TENANT) assigned that allows the user to update the L3 configuration and run the rebuild match table task.
Note: Do not use the ROLE_USER_ML_MATCH role as it is being deprecated. Therefore, use the roles mentioned above and assign them as required.

For more granular control, you can create your own roles by assigning resources with the relevant privileges as explained in the table below.

Table 1. Match IQ Service - Permissions
Service Id Resource ID Sub-Resource ID Label Description Privileges
riq This permission is required to launch the jobs for data analysis and training.
actions Actions/Jobs
config Config READ
mlMatch externalMatch ML Match Flow API APIs for external ML match CREATE, READ, UPDATE, DELETE
mapping Column Mapping APIs for column mapping CREATE, READ, UPDATE, DELETE
publish Get Published Models ML Model Publish API READ
flow Models Model Flow Creation APIs CREATE, READ, UPDATE, DELETE
train ML Model Training APIs for training the ML Model CREATE, READ, DELETE
approve ML Model Approve API to approve the ML model EXECUTE
publish ML Model Publish API to publish the ML model READ, EXECUTE
unpublish ML Model UnPublish API to unpublish the ML model EXECUTE
config Match IQ Config Configuration of Match IQ READ
activeLearning Active Learning Service This service is used to manage Active Learning sessions.
session AL Training Model APIs for training the ML Model CREATE, READ, DELETE
model Creating Final Model API for the final model CREATE, READ, DELETE
prediction Prediction APIs for prediction CREATE, READ, DELETE
MDM For Internal Publish of the Model
config businessModel For updating L3 READ, UPDATE
environment tasks.match For triggering reindex jobs EXECUTE
tasks.reindex For triggering reindex jobs EXECUTE