Controlling access to features

You can control access to the features and types of command that are available to i2 Analyze users. To restrict (and in some cases, to allow) access to features, you need to specify a command access control file.

Note: In the production deployment process, you first configure access to features in the configuration development environment.

You can use a command access control file to specify which permissions to assign to the user groups in the user repository for your deployment. The command access control file contains permissions that apply to i2 Analyze and, where applicable, to clients and client services.

When you create an example deployment, i2 Analyze is configured with the command access control file that the example contains. However, when no file is specified in the configuration, access control is not enabled. All authenticated users can access all features except:

  • Exporting search results to a CSV file
  • Using the i2 Notebook web client
  • Uploading i2 Analyst's Notebook charts to the Chart Store in bulk
  • Creating alerts through the REST API
  • The administrator permission

After you specify a command access control file, access to all features is controlled by that file. Before they can use a feature, you must give the appropriate permission to a group of users.

When you upgrade a system that has access to specific features enabled, ensure that you check for new features that require new permissions. Without updating your file to add permissions, access to the features are denied to all users. For information about any new permissions, see Configuration and database changes.