Security is often a key consideration for an organization. For many organizations, some or all document content is confidential, privileged, or otherwise restricted to authorized personnel.
At the same time, all content is more useful to the organization if it can be easily retrieved. With IDOL Server, you can have a single searchable store that respects all your security requirements.
With IDOL Server, you can index all your content, and still ensure that only permitted users can access the documents, or even see them in search results. Users need to search for data in only one place, and they always receive everything that they are allowed to see.
When you have secure content, your data storage repositories have access lists for documents. IDOL security can:
extract the access information from your documents.
authenticate users against your security repositories.
retrieve and store the security information for a user from your repositories.
compare user permissions to the document access restrictions to make sure that only authorized users can view a document.
When a user has no permission to view a document, that document is not returned in any search result list.
In your repositories, documents have an Access Control List (ACL). This is an encrypted string that defines the security groups that can access the document.
When you retrieve content from repositories using connectors, the connectors extract the ACL for each document as well as the document itself. This ACL data is stored in a document field. You configure IDOL Server with this ACL field so that it can read the security information for each document.
The ACL format can vary from repository to repository, but it always describes which users can access a document, often using security groups. It usually contains:
a list of users and groups that must never be allowed to access the document
a list of users and groups that are allowed to access the document, unless they also appear in the not-allowed list (the not-allowed list takes precedence).
For some repositories the format might be very different.
You can create user accounts with IDOL Server, and use it to ensure that only authorized users can access your system. You can also combine user authentication in IDOL with a third-party security repository, which allows you to combine your existing security with IDOL.
In security repositories, you associate users with security groups, which define the permissions that a user has for different documents. IDOL can retrieve this information from your repositories. The IDOL component that stores user and group information is OmniGroupServer.
When IDOL has this information for a user, it generates an encrypted security information string. For subsequent actions that the user performs, it uses this security information to match document permissions.
IDOL matches the security information for authenticated users against the security information contained in your document ACLs.
When a user runs a query, IDOL Server matches the query against all content, and then checks the ACL for the document. If the user security information gives them permission to access a document, IDOL Server returns the document in the search results. If the user security information does not match the permissions required in the ACL, IDOL Server does not display that document in the results list.
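The matching step described above, as an added example that is not IDOL's own code: the ACL shape (a not-allowed list that always wins, then an allowed list), the principal naming ("user:alice", "group:finance") and the sample documents are all constructed for illustration, since real repository ACL formats vary.

```python
from dataclasses import dataclass, field

# Constructed ACL shape (real repository formats vary): principals are
# strings such as "user:alice" or "group:finance".
@dataclass(frozen=True)
class Acl:
    denied: frozenset = field(default_factory=frozenset)   # never allowed
    allowed: frozenset = field(default_factory=frozenset)  # allowed unless denied


# Constructed stand-in for a user's security information: the user name
# plus the groups retrieved for them from the security repository.
@dataclass(frozen=True)
class UserSecurityInfo:
    user: str
    groups: frozenset = field(default_factory=frozenset)

    def principals(self) -> frozenset:
        return frozenset({f"user:{self.user}"} | {f"group:{g}" for g in self.groups})


def can_view(info: UserSecurityInfo, acl: Acl) -> bool:
    """Deny wins: a match in the denied list blocks access even when the user
    or a group is also allowed. Otherwise at least one allowed match is needed;
    an empty allowed list (e.g. ACL field not extracted) hides the document."""
    principals = info.principals()
    if principals & acl.denied:
        return False
    return bool(principals & acl.allowed)


def filter_results(info: UserSecurityInfo, hits: list) -> list:
    """Drop hits the user may not see, so forbidden documents never
    appear in the result list at all."""
    return [doc_id for doc_id, acl in hits if can_view(info, acl)]


# Constructed sample: three documents whose content matched a query.
SAMPLE_HITS = [
    ("public-memo", Acl(allowed=frozenset({"group:everyone"}))),
    ("finance-q3", Acl(allowed=frozenset({"group:finance"}),
                       denied=frozenset({"user:bob"}))),
    ("no-acl-field", Acl()),  # ACL missing or empty: nobody sees it
]

if __name__ == "__main__":
    alice = UserSecurityInfo("alice", frozenset({"everyone", "finance"}))
    bob = UserSecurityInfo("bob", frozenset({"everyone", "finance"}))
    print(filter_results(alice, SAMPLE_HITS))  # ['public-memo', 'finance-q3']
    print(filter_results(bob, SAMPLE_HITS))    # ['public-memo']
```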