Roles and Permissions for Match IQ Application

You can assign appropriate roles and permissions to different users of the Match IQ application.

System Roles

The following system roles are available to run an external match, run a tenant match, and manage models:

  • ROLE_API, ROLE_USER - With these roles, a user can access the user interface of the Match IQ application.
  • ROLE_USER_MATCHIQ_EXTERNAL_MATCH - With this role, a user can run an external match job by using an ML model.
  • ROLE_USER_MATCHIQ_TRAIN_MODEL - With this role, a user can create and train the ML models but cannot delete a published model.
  • ROLE_USER_MATCHIQ_PUBLISH_MODEL - With this role, a user can publish the approved models. A user assigned this role must also be assigned a role (for example, ROLE_ADMIN_TENANT) that allows the user to update the L3 configuration and run the rebuild match table task.

Note: Do not use the ROLE_USER_ML_MATCH role because it is being deprecated. Use the roles listed above instead and assign them as required.

For more granular control, you can create your own roles by assigning resources with the relevant privileges as explained in the table below.

Table 1. Match IQ Service - Permissions
| Service ID | Resource ID | Sub-Resource ID | Label | Description | Privileges |
|---|---|---|---|---|---|
| riq | | | | This permission is required to launch the jobs for data analysis and training. | |
| | actions | | Actions/Jobs | | |
| | | jobs | Jobs | | CREATE, READ, DELETE |
| | config | | Config | | READ |
| mlMatch | externalMatch | | ML Match Flow API | APIs for external ML match | CREATE, READ, UPDATE, DELETE |
| | | mapping | Column Mapping | APIs for column mapping | CREATE, READ, UPDATE, DELETE |
| | | publish | Get Published Models | ML Model Publish API | READ |
| | model | | ML Model Flow API | Model flows | CREATE, READ, UPDATE, DELETE, EXECUTE |
| | | flow | Models | Model Flow Creation APIs | CREATE, READ, UPDATE, DELETE |
| | | train | ML Model Training | APIs for training the ML Model | CREATE, READ, DELETE |
| | | approve | ML Model Approve | API to approve the ML model | EXECUTE |
| | | publish | ML Model Publish | API to publish the ML model | READ, EXECUTE |
| | | unpublish | ML Model UnPublish | API to unpublish the ML model | EXECUTE |
| | config | | Match IQ Config | Configuration of Match IQ | READ |
| activeLearning | | | Active Learning Service | This service is used to manage Active Learning sessions. | |
| | | session | AL Training Model | APIs for training the ML Model | CREATE, READ, DELETE |
| | | model | Creating Final Model | API for the final model | CREATE, READ, DELETE |
| | | prediction | Prediction | APIs for prediction | CREATE, READ, DELETE |
| MDM | | | For Internal Publish of the Model | | |
| | config | businessModel | | For updating L3 | READ, UPDATE |
| | environment | tasks.match | | For triggering reindex jobs | EXECUTE |
| | | tasks.reindex | | For triggering reindex jobs | EXECUTE |