Document Security Example
This section demonstrates how to set up mapped security to protect information that was extracted from a SharePoint repository, using the GetSharePoint processor.
Groups in SharePoint or SharePoint Online can originate from multiple sources, for example from SharePoint itself or from an on-premises Active Directory. This means that you must retrieve group information from both sources. The GetSharePointGroups processor retrieves SharePoint groups, and you can retrieve groups from Active Directory using the OmniGroupServer LDAP module. Finally, OmniGroupServer must be configured to combine the groups retrieved from both sources into a single repository.
To configure mapped security you must set up the following components:
- IDOL Server. You must set up the IDOL Content component to identify the security type associated with each document. You must also configure the IDOL Community component, so that IDOL sends user and group information to the front-end application when a user logs on. For information about how to set up IDOL Server, refer to the IDOL Document Security Administration Guide.
- IDOL OmniGroupServer.
  - Create a repository in OmniGroupServer, to contain the SharePoint group information extracted by the GetSharePointGroups processor and sent to OmniGroupServer by the PutOGS processor.
  - Create a repository in OmniGroupServer to contain group information from Active Directory, and configure OmniGroupServer to retrieve the groups through LDAP.
  - Create another repository, and configure OmniGroupServer to combine the SharePoint and Active Directory groups.
  Only the final repository, which contains the combined information, should be queried by IDOL Community to populate user security info strings. For information about how to configure OmniGroupServer, see Configure OmniGroupServer.
  TIP: For many security types, you might only need to create an empty repository to be populated with group information by the PutOGS processor that you configure in NiFi.
- IDOL NiFi Ingest.
  - Set up NiFi Ingest connectors to include security information (Access Control Lists) in the documents that are indexed into IDOL Content. You must also add a field to each document that identifies the security type. For information about how to do this, see Configure the NiFi Ingest Connector.
  - Add a PutOGS processor to your dataflow, to send the group information that is retrieved by the connector to your IDOL OmniGroupServer. For information about how to do this, see Send Group Information to OmniGroupServer.
- A front-end application for querying IDOL Server. For information about how to configure the front-end application, refer to its documentation.
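
The following added example is a conceptual model, not IDOL or OmniGroupServer code or configuration. It shows why only the combined repository should be used to resolve a user's groups: a single-source lookup can both under-grant and over-grant access. All user, group and repository names are constructed, and the "deny entries win" ACL rule is an assumption of the model.

```python
# Conceptual model only: not OmniGroupServer code or configuration.
# All user, group and repository names below are constructed sample data.
from collections import defaultdict

# member -> groups it directly belongs to, as each source alone reports it
SHAREPOINT_REPO = {
    "DOMAIN\\Finance": {"Site Members"},   # AD group nested in a SharePoint group
    "DOMAIN\\bob": {"Site Visitors"},
}
ACTIVE_DIRECTORY_REPO = {
    "DOMAIN\\alice": {"DOMAIN\\Finance"},
    "DOMAIN\\bob": {"DOMAIN\\Contractors"},
}

def combine(*repos):
    """Union the direct memberships from every source repository."""
    merged = defaultdict(set)
    for repo in repos:
        for member, groups in repo.items():
            merged[member] |= groups
    return dict(merged)

def effective_groups(repo, user):
    """Transitively expand the groups a user belongs to within one repository."""
    seen, stack = set(), [user]
    while stack:
        for group in repo.get(stack.pop(), ()):
            if group not in seen:          # guards against membership cycles
                seen.add(group)
                stack.append(group)
    return seen

def can_read(acl, repo, user):
    """Assumed rule: deny entries win, otherwise any allow match grants access."""
    principals = effective_groups(repo, user) | {user}
    if principals & acl.get("deny", set()):
        return False
    return bool(principals & acl.get("allow", set()))

COMBINED_REPO = combine(SHAREPOINT_REPO, ACTIVE_DIRECTORY_REPO)
DOC_ACL = {"allow": {"Site Members", "Site Visitors"},
           "deny": {"DOMAIN\\Contractors"}}

if __name__ == "__main__":
    for user in ("DOMAIN\\alice", "DOMAIN\\bob"):
        for name, repo in (("sharepoint-only", SHAREPOINT_REPO),
                           ("combined", COMBINED_REPO)):
            print(user, name, can_read(DOC_ACL, repo, user))
```

With the SharePoint-only repository, alice is wrongly refused (her Active Directory group is nested in a SharePoint group) and bob is wrongly allowed (his denied Active Directory group is never seen); the combined repository gives the correct decision for both.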