Changing item type permissions
By default, deployments of i2 Analyze do not define item type permissions. All users can see records of all types, provided that per-record security does not prevent them from doing so. To define or subsequently modify item type permissions, you must edit and redeploy the type access configuration.
Before you begin
The type access configuration is one of a group of configuration files that you can modify and send
to the i2 Analyze server without the need for system downtime. These files are stored in
the toolkit/configuration/live
directory.
To enable updating the server without the need to restart it, ensure that you have access to a
command-line tool such as postman
or curl
.
Procedure
Edit the configuration file:
If you do not already have one, obtain and configure an XML editor.
In the XML editor, open the
toolkit/configuration/live/type-access-configuration.xml
file.Using the reference and example information, modify the file to define the type access permissions that you need.
Update the deployment with your changes.
The following method deploys your changes without stopping the server, through a POST request to a REST endpoint.
To redeploy your changes using only the deployment toolkit, see Redeploying Liberty.
You must use the deployment toolkit if you are in a deployment with high availability, or if you are deploying to your production environment.
At the command line, navigate to the
toolkit/scripts
directory.Update the server with your configuration file:
setup -t updateLiveConfiguration
Update the running application by using the
reload
endpoint. Make sure that you provide the credentials of a user with administration rights:curl -i --cookie-jar cookie.txt -d j_username=<user_name> -d j_password=<password> http://<host_name>/<context_root>/j_security_check curl -i --cookie cookie.txt -X POST http://<host_name>/<context_root>/api/v1/admin/config/reload
Warning:
reload
updates the configuration without requiring a server restart, but any logged-in users are logged out from i2 Analyze when you run it.The server validates the item type configuration as it loads, and returns any errors in its response.
Test the new and updated item type permissions.
A good way to verify that your item type security configuration is loaded correctly is to call connector or gateway schema endpoints and search the response body for an item type that the current user should not be able to see.