Document Security
Document security ensures that users can access only those documents for which they have the necessary permissions.
When a user logs on to a front-end application and is authenticated successfully, the IDOL Community component returns an encrypted security string to the front-end application. This string identifies the user and contains information about their group memberships. The front-end application must include this security string in every subsequent query it sends to the IDOL Content component.
When a user submits a query, IDOL determines whether they are permitted to view a document by comparing their security details against an Access Control List (ACL) that has been added to the document. An ACL is added to each IDOL document because checking permissions with the original data repositories would introduce a significant delay between the query and IDOL returning its response.
When connectors fetch information from data repositories, they add an encrypted ACL to a metadata field in each document. The ACL contains information about which users and groups are permitted to access the document. The documents, and therefore the ACLs, are indexed into the IDOL Content component.
A user might be allowed or denied permission to view a document because they are a member of a security group. This means that IDOL must consider group memberships, in addition to permissions, before it can determine whether a user can view a document. OmniGroupServer collects user and group information, and stores it, so that the IDOL Community component can access this information and include it in the security string.
Mapped Security is suitable for most environments, particularly where the security settings for documents do not change often. There can be a short delay between the security settings changing in the original data repository and the information being updated in the IDOL index.
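The following sketch is an added example, not IDOL code. It models the flow described above: ACLs copied into the index are checked against the user's security details at query time, and a permission change in the repository takes effect only after the index is updated. The ACL layout, all names, and the rule that a deny overrides an allow are assumptions for illustration.

```python
# Conceptual model only: the ACL layout, names and deny-wins rule are
# assumptions for illustration, not IDOL's actual format or algorithm.
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:
    allow_users: frozenset = frozenset()
    allow_groups: frozenset = frozenset()
    deny_users: frozenset = frozenset()
    deny_groups: frozenset = frozenset()

# Constructed sample data. MEMBERSHIPS plays the role of the group store.
MEMBERSHIPS = {"alice": {"staff", "finance"}, "bob": {"staff", "contractors"}}
REPOSITORY = {
    "handbook": Acl(allow_groups=frozenset({"staff"})),
    "payroll": Acl(allow_groups=frozenset({"finance"})),
    "audit": Acl(allow_groups=frozenset({"staff"}),
                 deny_groups=frozenset({"contractors"})),
}

def security_details(user):
    """What the security string conveys: the user plus group memberships."""
    return user, frozenset(MEMBERSHIPS.get(user, ()))

def can_view(details, acl):
    """Assumed rule: a matching deny wins; otherwise an allow must match."""
    user, groups = details
    if user in acl.deny_users or groups & acl.deny_groups:
        return False
    return user in acl.allow_users or bool(groups & acl.allow_groups)

def query(details, index):
    """Filter results using only the ACL copies held in the index."""
    return sorted(ref for ref, acl in index.items() if can_view(details, acl))

def stale_acls(repository, index):
    """Documents whose indexed ACL no longer matches the repository."""
    return sorted(ref for ref, acl in index.items() if repository.get(ref) != acl)

def demo():
    index = dict(REPOSITORY)               # ACLs as last fetched by a connector
    repo = dict(REPOSITORY)
    before = query(security_details("alice"), index)
    repo["payroll"] = Acl(allow_users=frozenset({"carol"}))  # revoked at source
    during = query(security_details("alice"), index)         # index not yet updated
    drift = stale_acls(repo, index)
    index["payroll"] = repo["payroll"]                       # connector re-fetches
    after = query(security_details("alice"), index)
    return before, during, drift, after

if __name__ == "__main__":
    print(demo())
```

The `during` result is the delay window: the revoked document is still returned until the indexed ACL is refreshed, which is why comparing indexed ACLs against the repository is a useful periodic check.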