Roles and Permissions for Match IQ Application
Learn more about assigning appropriate roles and permissions to different users of the Match IQ application.
System Roles
Note: Match IQ is not included in tenants created after the 2025.1 release. For more information, see topic Match IQ - Feb 2026.
The following system roles are available to run an external match, tenant match, and manage models:
ROLE_API,ROLE_USER- With these roles, a user can access the user interface of the Match IQ application.ROLE_USER_MATCHIQ_EXTERNAL_MATCH- With this role, a user can run an external match job by using a ML model.ROLE_USER_MATCHIQ_TRAIN_MODEL- With this role, a user can create and train the ML models but cannot delete a published model.ROLE_USER_MATCHIQ_PUBLISH_MODEL- With this role, a user can publish the approved models. The user assigned to this role must also have a role (for example,ROLE_ADMIN_TENANT) assigned that allows the user to update the L3 configuration and run the rebuild match table task.
Note: Do not use the
ROLE_USER_ML_MATCH role as it is being deprecated.
Therefore, use the roles mentioned above and assign them as required.For more granular control, you can create your own roles by assigning resources with the relevant privileges as explained in the table below.
| Service Id | Resource ID | Sub-Resource ID | Label | Description | Privileges |
|---|---|---|---|---|---|
riq | This permission is required to launch the jobs for data analysis and training. | ||||
actions | Actions/Jobs | ||||
jobs | Jobs | CREATE, READ, DELETE | |||
config | Config | READ | |||
mlMatch | externalMatch | ML Match Flow API | APIs for external ML match | CREATE, READ, UPDATE, DELETE | |
flow | |||||
mapping | Column Mapping | APIs for column mapping | CREATE, READ, UPDATE, DELETE | ||
publish | Get Published Models | ML Model Publish API | READ | ||
model | ML Model Flow API | Model flows | CREATE, READ, UPDATE, DELETE, EXECUTE | ||
flow | Models | Model Flow Creation APIs | CREATE, READ, UPDATE, DELETE | ||
train | ML Model Training | APIs for training the ML Model | CREATE, READ, DELETE | ||
approve | ML Model Approve | API to approve the ML model | EXECUTE | ||
publish | ML Model Publish | API to publish the ML model | READ, EXECUTE | ||
unpublish | ML Model UnPublish | API to unpublish the ML model | EXECUTE | ||
config | Match IQ Config | Configuration of Match IQ | READ | ||
activeLearning | Active Learning Service | This service is used to manage Active Learning sessions. | |||
session | AL Training Model | APIs for training the ML Model | CREATE, READ, DELETE | ||
model | Creating Final Model | API for the final model | CREATE, READ, DELETE | ||
prediction | Prediction | APIs for prediction | CREATE, READ, DELETE | ||
MDM | For Internal Publish of the Model | ||||
config | businessModel | For updating L3 | READ, UPDATE | ||
environment | tasks.match | For triggering reindex jobs | EXECUTE | ||
tasks.reindex | For triggering reindex jobs | EXECUTE | |||