Groups

ACLs are often expressed in terms of users and groups. To determine whether a user can access a document, IDOL must know which security groups a user belongs to. IDOL requests this information from a group server such as OmniGroupServer. The group server can retrieve the group membership information from a repository directly or request the information from a connector.

Sample Scenario 1

Users authenticate with a repository using their Windows domain credentials. For each document in the repository, users can specify a list of domain users and a list of domain groups that are permitted to access the document.

The connector retrieves documents from the repository and includes an ACL with each one that is ingested. The ACL lists the domain users and domain groups that have permission to view the document.

The group server retrieves group membership information for domain groups from Active Directory. IDOL can query the group server to get a list of the domain groups for any given domain user.

IDOL uses the ACL and group membership information to work out whether a user is allowed to view the document.

Sample Scenario 2

Users authenticate with a repository using a user name and password specific to the repository. The repository has its own system for storing which users are members of which groups. For each document, users can specify a list of the users and groups that can access the document.

The connector retrieves documents from the repository and includes an ACL with each one ingested. The ACL lists users and groups who are permitted to view the document.

The group server requests group membership information from the connector using the SynchronizeGroups fetch action. The connector retrieves group membership information from the repository and returns it to the group server.

IDOL can work out whether a given user is allowed to view a document based on the information in the ACL and the group membership information from the group server.
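
The access decision described in both scenarios, sketched as an added example; this is not IDOL or OmniGroupServer code, and every name and data value in it is hypothetical. It goes beyond the text by assuming that groups can contain other groups and that each identity carries a namespace ("DOMAIN" for Scenario 1, "repo" for Scenario 2), so a repository account is never matched against a domain account with the same name.

```python
# Added illustration; not IDOL or OmniGroupServer code. All names are hypothetical.
from collections import deque

# Constructed sample data standing in for what a group server holds.
# Keys are (namespace, group); members are (namespace, kind, name),
# where kind is "user" or "group".
MEMBERSHIP = {
    ("DOMAIN", "Engineering"): {("DOMAIN", "user", "alice"), ("DOMAIN", "group", "Interns")},
    ("DOMAIN", "Interns"): {("DOMAIN", "user", "bob"), ("DOMAIN", "group", "Engineering")},  # cycle
    ("repo", "editors"): {("repo", "user", "alice")},
}

def groups_for_user(namespace, user, membership=MEMBERSHIP):
    """Return every group the user belongs to, directly or through nested groups."""
    # Invert the table: member -> groups that list it.
    parents = {}
    for (ns, group), members in membership.items():
        for member in members:
            parents.setdefault(member, set()).add((ns, group))
    found, queue = set(), deque([(namespace, "user", user)])
    while queue:
        for ns, group in parents.get(queue.popleft(), ()):
            if (ns, group) not in found:  # guards against membership cycles
                found.add((ns, group))
                queue.append((ns, "group", group))
    return found

def can_view(namespace, user, acl, membership=MEMBERSHIP):
    """acl = {"namespace": str, "users": set, "groups": set}. Denies by default."""
    if namespace != acl["namespace"]:
        return False  # same name in another identity system is a different principal
    if user in acl["users"]:
        return True
    user_groups = {g for ns, g in groups_for_user(namespace, user, membership)
                   if ns == namespace}
    return bool(user_groups & acl["groups"])
```

A user with no entry in the membership data resolves to an empty group set, so the check fails closed unless the ACL names that user directly.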