|
MarkLogic internal database users
28 October 2021 12:15 PM
|
Introduction
By default, at present, MarkLogic 10 comes with four default users already configured on a new install.
These are admin, healthcheck, nobody, and infostudio-admin.
About these default users
Many times customers want to know more about these users and the reasons they exist. Also, to know if these can be removed after installing MarkLogic for security purposes.
The table below provides some basic details about these users and the reasons for their existance:
|
admin
|
During the installation, you are prompted to specify the username and password for this user. Most of the time, 'admin' is used as a username and is created as an authorized administrator with the admin role.
See https://docs.marklogic.com/guide/security/authentication#id_95214
However, it can be created with a different name as well.
If there are other users with the 'admin role' assigned to them, and if there is an 'admin' user too, then this default 'admin' user can be deleted. In general, it is good security practice to have administrator users with names other than 'admin'.
Note an administrator is the most important user and one must not lose the password for users with the admin roles. At least one such user (or superuser) should be there to perform admin tasks and you must have at least one such user in case of External Authentication failures to recover.
|
|
healthcheck
|
The healthcheck user is created by default and is used with the HealthCheck app server so can not be deleted. It simply reports back the same message "Healthy" if the server is responding well (port is 7997). For example, load balancers detect the proper running of MarkLogic via the HealthCheck App Server on port 7997.
Also, as it has no other privilege part from above by default, it cannot be used to access the MarkLogic server via GUI/qconcole.
Note: The healthcheck user is used as a default user with healthcheck app server which uses application level authentication, internal security (means uses Security database) and requires no authentication. Thus, it is fine to use any password.
|
|
infostudio-admin
|
This is now an obsolete user so this can be deleted. However, if you are upgrading make sure your systems are not using it anywhere. This is mainly left for some backward compatibility. In future releases, this user may be removed.
|
|
nobody
|
The nobody user is created by default when MarkLogic Server is installed and by default, it just has the app-user role (inherits rest-reader role). User nobody is given a password that is randomly generated. The nobody user can only access pages and perform functions for which no privileges are required.
Note: This is the default user for various app servers such as App-Services, Admin, Manage and so it cannot be deleted. By default, this cannot be used to login to the MarkLogic server.
|
Refer to the security guide for more details.
|
 (3 vote(s)) Helpful Not helpful
|
