Changing item type permissions

By default, deployments of i2 Analyze do not define item type permissions. All users can see records of all types, provided that per-record security does not prevent them from doing so. To define or subsequently modify item type permissions, you must edit and redeploy the type access configuration.

Before you begin

The type access configuration is one of a group of configuration files that you can modify and send to the i2 Analyze server without the need for system downtime. These files are stored in the toolkit/configuration/live directory.

To enable updating the server without the need to restart it, ensure that you have access to a command-line tool such as postman or curl.

Procedure

Edit the configuration file:

  1. If you do not already have one, obtain and configure an XML editor.

  2. In the XML editor, open the toolkit/configuration/live/type-access-configuration.xml file.

  3. Using the reference and example information, modify the file to define the type access permissions that you need.

Update the deployment with your changes.

The following method deploys your changes without stopping the server, through a POST request to a REST endpoint.

To redeploy your changes using only the deployment toolkit, see Redeploying Liberty.

You must use the deployment toolkit if you are in a deployment with high availability, or if you are deploying to your production environment.

  1. At the command line, navigate to the toolkit/scripts directory.

  2. Update the server with your configuration file:

     setup -t updateLiveConfiguration

  3. Update the running application by using the reload endpoint. Make sure that you provide the credentials of a user with administration rights:

     curl -i --cookie-jar cookie.txt -d j_username=<user_name>
                                 -d j_password=<password>
                                 http://<host_name>/<context_root>/j_security_check

 curl -i --cookie cookie.txt -X
      POST http://<host_name>/<context_root>/api/v1/admin/config/reload

    Warning: reload updates the configuration without requiring a server restart, but any logged-in users are logged out from i2 Analyze when you run it.

    The server validates the item type configuration as it loads, and returns any errors in its response.

Test the new and updated item type permissions.

  1. A good way to verify that your item type security configuration is loaded correctly is to call connector or gateway schema endpoints and search the response body for an item type that the current user should not be able to see.