System Architecture

To configure custom mapped security, you must set up the following components:

  • A connector to extract information from your repository. The connector must add an ACL to each document, and add a field that identifies the custom security type. You can use a connector processor in NiFi Ingest, or a stand-alone connector with CFS.
  • OpenText IDOL Content component. You must specify the format of the ACL and the sequence of security checks to perform.

The connector retrieves information from your data repository and NiFi Ingest processes it to index into Content. The connector adds an encrypted ACL to each document. The ACL is in a custom format.

When Content receives a query, it sends the user's securityinfo token and the result documents to the Generic Security Module, part of the Mapped Security Plug-in. The Generic Security Module determines whether a user is allowed to see documents retrieved as query results. The structure of the ACL and the sequence of security checks that the Generic Security Module must perform are specified by configuration parameters in the IDOL Content component configuration file.