Security schemas

An i2 Analyze security schema defines the security dimensions that exist in a deployment, and the dimension values that can be assigned to items and records. A security schema also defines the permissions that i2 Analyze users can receive.

Every deployment of i2 Analyze has a security schema whose contents reflect local requirements. It is the responsibility of the deployer to ensure that the security schema is appropriate for the environment where it is used. Often, the security dimensions map to security classifications that exist in the organization.

Before you create a security schema, it is important to understand the relationship between the security model and the security schema. For more information, see i2 Analyze security model .

Security dimensions

A security schema defines access security dimensions that contain dimensions and dimension values.

Security permissions

A security schema defines security permissions by user group, and then by dimension. For a particular user group, the schema identifies one or more dimensions for which membership of that group affects access rights. For each identified dimension, the schema contains a list of security permissions.

It is not necessary for the security schema to define permissions for every user group in the organization. Similarly, it is not necessary for the permissions within any particular dimension or group to set a security level for every possible dimension value. The completeness of the schema is judged at run time when the security level of a particular user for a particular item or record is calculated.