Document Security

Security is often a key consideration for an organization. For many organizations, some or all document content is confidential, privileged, or otherwise restricted to authorized personnel.

At the same time, all content is more useful to the organization if it can be easily retrieved. With IDOL Server, you can have a single searchable store that respects all your security requirements.

With IDOL Server, you can index all your content, and still ensure that only permitted users can access the documents, or even see them in search results. Users need to search for data in only one place, and they always receive everything that they are allowed to see.

When you have secure content, your data storage repositories have access lists for documents. IDOL security can:

When a user has no permission to view a document, the document is not returned in any search result list.

Extract Access Lists

In your repositories, documents have an Access Control List (ACL). This is an encrypted string that defines the security groups that can access the document.

When you retrieve content from repositories by using connectors, the connectors extract the ACL for each document as well as the document itself. This ACL data is stored in a document field. You configure IDOL Server with this ACL field, and it reads the security information for each document.

The ACL format can vary from repository to repository, but it always describes which users can access a document, often using security groups. It usually contains:

For some repositories the format might be very different.

User Authentication

You can create user accounts with IDOL Server, and use it to ensure that only authorized users can access your system. You can also combine user authentication in IDOL with a third-party security repository.

This user authentication allows you to combine your existing security with IDOL.

Retrieve Security Information

In security repositories, you associate users with security groups, which define the permissions that a user has for different documents. IDOL can retrieve this information from your repositories. The IDOL component that stores user and group information is OmniGroupServer.

When IDOL has this information for a user, it generates an encrypted security information string. For subsequent actions that the user performs, it uses this security information to match document permissions.

Apply User Permissions

IDOL matches the security information for authenticated users against the security information contained in your document ACLs.

When a user runs a query, IDOL Server matches the query against all content, and then checks the ACL for each matching document. If the user security information gives them permission to access a document, IDOL Server returns the document in the search results. If the user security information does not match the permissions required in the ACL, IDOL Server does not display that document in the results list.
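
The match-then-check flow described above can be modelled in a few lines. This is an added example, not IDOL code: it uses plain sets where IDOL uses encrypted strings, and every name in it (GROUP_MEMBERS, Doc, security_info, can_read, search, the sample users and documents) is hypothetical. Treating a document with a missing ACL field as unreadable is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data. Stands in for the user/group store; names are hypothetical.
GROUP_MEMBERS = {
    "finance": {"alice"},
    "legal": {"bob"},
    "staff": {"alice", "bob", "carol"},
}

@dataclass(frozen=True)
class Doc:
    ref: str
    text: str
    acl: Optional[frozenset]  # principals allowed to read; None = ACL field missing

# Constructed index: each document carries the ACL extracted alongside its content.
INDEX = [
    Doc("q3-forecast", "quarterly revenue forecast", frozenset({"group:finance"})),
    Doc("handbook", "staff handbook and revenue policy", frozenset({"group:staff"})),
    Doc("merger-memo", "revenue impact of merger",
        frozenset({"group:legal", "user:alice"})),
    Doc("orphan", "revenue notes with no ACL", None),
]

def security_info(user):
    """Principals held by an authenticated user: the user plus their groups."""
    if user is None:  # unauthenticated: holds no principals at all
        return frozenset()
    groups = {f"group:{g}" for g, members in GROUP_MEMBERS.items() if user in members}
    return frozenset(groups | {f"user:{user}"})

def can_read(doc, info):
    """True only if the ACL exists and shares at least one principal with the user."""
    # Fail closed (assumption of this sketch): no ACL field means nobody sees it.
    return doc.acl is not None and not doc.acl.isdisjoint(info)

def search(term, user):
    """Match the query against all content, then drop what the user cannot read."""
    info = security_info(user)
    matches = [d for d in INDEX if term in d.text]         # step 1: match everything
    return [d.ref for d in matches if can_read(d, info)]   # step 2: check each ACL

if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "mallory", None):
        print(who, search("revenue", who))
```

All four documents match the term "revenue", but each user receives a different list, and a user with no matching principals receives an empty list rather than an error that would reveal the documents exist.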