Security
IDOL allows you to set permissions that protect your information and ensure that only authorized people can access it.
Security in IDOL covers the following main areas:
- User authentication
- Document security
- Index encryption
- Secure communications
The following sections provide a little more information about security in IDOL. For further information, refer to the IDOL Document Security Administration Guide.
User Authentication
User authentication in IDOL is managed by the Community component, which stores details of your users and their security information. You can create users directly in Community, or synchronize the user data from another user repository, such as Microsoft Active Directory.
Another important component in IDOL security is the OmniGroupServer, which collects security information from your repositories, and applies it to the users in IDOL.
Document Security
The information that you store in the IDOL text index might come from many different repositories. Most repositories have security features that apply permissions to files, so that only authorized users can access them. These repositories store details of the users of the system and the permission groups that those users belong to.
When you index the data into IDOL, IDOL includes security information from your repositories, by using IDOL mapped security. Mapped security ensures that query results return only documents that the user has permission to view, without needing to call out to the original secure repository, which reduces overhead and improves responsiveness.
In mapped security, IDOL compares the security details for a user against an Access Control List (ACL) in the document.
IDOL connectors create the ACLs when they ingest the document, by using the permissions in your data repositories. The ACL contains information about the users and groups that have permission to view the document.
The IDOL OmniGroupServer collects and stores the user and group information for your users, and provides it to the IDOL Community component, which manages the authentication.
The general process for a system that uses document security is:
- The user logs on to your application, which sends the authentication details to the IDOL Community component.
- Community returns a user security info token to the application, which stores it for the user session.
- The user sends a text query through your application, and the application attaches the user security info token to the query that it forwards to the IDOL Content component.
- IDOL uses the security information in the query to check the user permissions: it matches the user and group details in the token against the ACL of each matching document.
- IDOL returns the documents that match the query and that the user has permission to see. It excludes any matching documents that the user does not have permission for.
IDOL document security applies to any kind of query in IDOL that handles documents. For example, users can add a document to their agents only if they have permission to see it, and the same permissions apply when other users view those agents.
Index Encryption
You can configure the IDOL Content component to encrypt the document data that it stores on disk. Index encryption ensures that even administrators who have access to the servers where you store IDOL content cannot read the content of documents that they do not have permission to view by inspecting the index files directly.
For more information about index encryption, refer to the IDOL Content component Help.
Secure Communications
You can configure Transport Layer Security (TLS/SSL) communications for all ACI servers, NiFi and front-end applications.
IDOL also supports GSSAPI for authentication and secure communications.