Manually
- Last Updated: April 5, 2026
- 2 minute read
Enable PII Manually
Procedure
- Edit your entity model definition to mark properties as PII.
-
In your favorite text editor, open your entity model definition.
-
Under the
definitionsnode, search for the key namedpii. -
Add the name of the property to be marked as PII. This property must be defined under the
propertiesnode.For example, the following model snippet defines a
Customerentity that contains anaddressproperty designated as PII:
-
{ "info": { ... },
"definitions": {
"Customer": {
"pii" : ["address"],
...,
"properties": {
"address": {
"datatype": "string",
"collation": "http://marklogic.com/collation/codepoint"
},
...
}
}
}
}
-
Run the Gradle tasks
mlLoadModulesandhubGeneratePiito generate the PII security configuration files.Unix systems
./gradlew mlLoadModules hubGeneratePii -iWindows
gradlew.bat mlLoadModules hubGeneratePii -imlLoadModules(ormlDeploy) - Deploys the model to the FINAL database. Run this task if the latest version of your model is not yet deployed to your FINAL database.hubGeneratePii- Generates the PII security configuration files from an entity model stored in your FINAL database and saves them to your project.
The PII security configuration files are saved in the following locations in your project:
- Protected paths are stored in PROJECT_DIR/src/main/ml-config/security/protected-paths/.
- Query rolesets are stored in PROJECT_DIR/src/main/ml-config/security/query-rolesets/.
- Deploy the generated PII security configuration files to your FINAL database.
-
Edit gradle.properties, and set mlSecurityUsername and mlSecurityPassword to your MarkLogic Server credentials.
Important: Your MarkLogic Server account must be assigned both manage-admin and security roles.
-
Run the Gradle task
mlDeploySecurity(ormlDeploy).Unix systems
./gradlew mlDeploySecurity -iWindows
gradlew.bat mlDeploySecurity -i
-
Results
After the configuration files are deployed,
- Only users with the pii-reader role will be able to view PII properties in harmonized documents that they are allowed to view.
- When the document is displayed to users who do not have the "pii-reader" role, PII properties are omitted entirely (i.e., neither property names nor values are visible).
See Also
Parent topic: Managing Personally Identifiable Information
Related concepts
Related tasks