i2 Analyze security dimensions

In the i2 Analyze security model, a security dimension is a way to categorize a record, with the aim of using its category to determine whether particular users are allowed to view or modify it. The available security dimensions in a deployment of i2 Analyze are specific to that deployment, and they are defined in its security schema.

A deployment of i2 Analyze might need several different ways to categorize records:

As a result, the deployment requires several security dimensions. Each dimension contains a set of values that records can have in order to classify them within that dimension.

To continue the example, the three dimensions might contain values as follows:

As a result of these definitions, for example, it is possible to mark a record as containing confidential information derived from a human informant, to be available to users in Team B.

In some dimensions (such as security classification), the possible values form a sequence from which each record takes a single value. In these cases, the values act as levels, where each value supersedes all the values after it. If a record is "Top Secret", it cannot be "Restricted" at the same time.

In dimensions such as operational team, where the values do not form a sequence, records can take one or more values. A record might be available to users in Team B and Team C.

Every record in an i2 Analyze deployment must have at least one value from each of the security dimensions in that deployment. There is no such thing as an "optional" dimension. For example:

There are no restrictions on the numbers of dimensions or values that a security schema can define. Keep in mind, though, that the more dimensions there are, the more complicated it becomes to maintain the security schema.