Mapped Security

The Google Cloud Storage Connector supports mapped security. When you set the configuration parameter MappedSecurity to TRUE, an Access Control List (ACL) is added to each IDOL document and the SECURITYTYPE document field is set.

Security Type

Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED
SecurityACLFormat=<E=B!>:U:<U=SLE+>:G:<G=SLE+>
SecurityACLCheck=E=1?P:-,U=[U]?P:-,G=[G]?P:F

ACL Format

<EveryoneFlag>:U:<Users>:G:<Groups>

<Users> is a comma-separated list of users who are permitted to view the document, and <Groups> is a comma-separated list of groups whose members are permitted to view the document.

If the value of the <EveryoneFlag> is 1 (true), any user can view the document. When this flag is 0 (false), the user must be listed explicitly, or must be a member of a group listed in the ACL.

SECURITYTYPE Field Value

GOOGLECLOUDSTORAGE
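The following Python example is an addition to this page, not code from the connector or IDOL. It parses the plain-text ACL form described above and applies the access rule in the order the text gives: everyone flag, then user list, then group list. It assumes exact, case-sensitive name matching, names that contain no commas or :U: / :G: delimiters, and denial of access when the ACL is malformed; all function names and sample values are hypothetical, and any encoding applied to the stored ACL field is not handled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MappedAcl:
    everyone: bool
    users: frozenset
    groups: frozenset


def _names(csv):
    # An empty list yields an empty set, never {""}.
    return frozenset(n.strip() for n in csv.split(",") if n.strip())


def parse_acl(acl):
    """Parse '<EveryoneFlag>:U:<Users>:G:<Groups>'; ValueError if malformed."""
    flag, sep_u, rest = acl.partition(":U:")
    users, sep_g, groups = rest.rpartition(":G:")
    if not sep_u or not sep_g or flag not in ("0", "1"):
        raise ValueError(f"malformed ACL: {acl!r}")
    return MappedAcl(flag == "1", _names(users), _names(groups))


def can_view(acl, user, user_groups):
    """Everyone flag, then user list, then group list; otherwise deny."""
    try:
        parsed = parse_acl(acl)
    except ValueError:
        return False  # assumption of this example: fail closed
    if parsed.everyone or user in parsed.users:
        return True
    return not parsed.groups.isdisjoint(user_groups)


def world_readable(acls_by_ref):
    """Audit helper: references of documents whose EveryoneFlag is 1."""
    # With no user name and no groups, only the everyone flag can grant access.
    return sorted(r for r, acl in acls_by_ref.items() if can_view(acl, "", ()))


# Constructed sample data (not taken from a real index).
SAMPLE = {
    "bucket-a/public.txt": "1:U::G:",
    "bucket-a/plan.docx": "0:U:alice@example.com:G:eng@example.com",
    "bucket-b/empty-acl.pdf": "0:U::G:",
}

if __name__ == "__main__":
    for ref, acl in SAMPLE.items():
        print(ref, can_view(acl, "carol@example.com", ["eng@example.com"]))
    print("world readable:", world_readable(SAMPLE))
```

Running world_readable over exported ACL values is a quick way to review which indexed documents any authenticated user can see.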

The following is an example security configuration for the IDOL Content component:


//----------------- Field Processing ---------------------//
[FieldProcessing]
...
30=DetectGoogleCloudStorage

[DetectGoogleCloudStorage]
PropertyFieldCSVs=*/SECURITYTYPE
PropertyMatch=GOOGLECLOUDSTORAGE
Property=SecurityGoogleCloudStorage


//----------------- Properties ---------------------//
[SecurityGoogleCloudStorage]
SecurityType=GoogleCloudStorage


//----------------- Document Security --------------------//
[Security]
0=GoogleCloudStorage

[GoogleCloudStorage]
SecurityCode=1
Library=./modules/mapped_security.dll
// or mapped_security.so on Linux

Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED
SecurityACLFormat=<E=B!>:U:<U=SLE+>:G:<G=SLE+>
SecurityACLCheck=E=1?P:-,U=[U]?P:-,G=[G]?P:F

The connector supports the SynchronizeGroups fetch action, which can be used by OmniGroupServer to retrieve users and groups that are defined in Google Cloud Storage projects and buckets. Permissions in Google Cloud Storage can also be assigned to users and groups defined in a Google Directory. To retrieve users and groups from a Google Directory, you must use the ogs_google module in OmniGroupServer. After retrieving users and groups from both sources, configure a third task to combine the users and groups into a single OmniGroupServer repository.