Creating a security schema

Every deployment of i2 Analyze requires a security schema that encapsulates the security model for that deployment. The easiest way to create a security schema is to start from the example that i2 provides with the platform.

Before you begin

Before you create the XML security schema file, you must design the security model for your deployment of i2 Analyze. In particular, you must identify or create the user groups to which security permissions are assigned.

When you deploy i2 Analyze, the group names in your security schema must match the names of user groups in your user repository.

About this task

An i2 Analyze security schema contains definitions of security dimensions and security permissions. When you create a security schema, you define the dimensions and dimension values first, and then define the security permissions that refer to them.

Procedure

  1. Navigate to the directory in the deployment toolkit that contains the example security schema: toolkit\configuration\examples\security-schema\example-dynamic-security-schema.xml.
  2. Make a copy of the example-dynamic-security-schema.xml file, give it an appropriate name, and then open it in an XML editor.
  3. Edit the contents of the <AccessSecurityDimensions> element so that it contains a <Dimension> element for each category that your deployment uses to determine access rights to items and records in i2 data stores.
  4. Edit the contents of the <SecurityPermissions> element:
    1. Add or modify <GroupPermissions> elements so that they reflect all the user groups to which you assign security permissions. The group names in your security schema must match the names of user groups in the user repository.
    2. Within each <GroupPermissions> element, add or modify <Permissions> elements to indicate which dimensions are affected by membership of each user group.
    3. Within each <Permissions> element, add or modify <Permission> elements to assign security levels to items and records that have particular dimension values.

      There are three permitted values for the Level attribute of the <Permission> element:

      • NONE
      • READ_ONLY
      • UPDATE
  5. Edit the contents of the <DefaultSecurityDimensionValues> element to define the default security dimension values that i2 Analyze provides to records that users create in Analyst's Notebook Premium.
    Update the value of the <DefaultSecurityDimensionValues> element with a comma-separated list of the identifiers of the security dimension values that you want to be applied by default. For example, <DefaultSecurityDimensionValues>CON,OSI,HI</DefaultSecurityDimensionValues>.
  6. Save the completed security schema to the configuration\fragments\common\WEB-INF\classes directory in the deployment toolkit.
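
Before you deploy the saved schema, you can check it for the consistency rules in this procedure. The following Python script is an added example, not part of the i2 Analyze toolkit: it verifies that every group name is in a list taken from the user repository, that permissions and defaults refer only to defined dimension values, and that every Level is one of the three permitted values. The sample schema is constructed, and the root element name and the Id, UserGroup, Dimension, and DimensionValue attribute names are assumptions to confirm against your copy of the example file.

```python
import xml.etree.ElementTree as ET

LEVELS = {"NONE", "READ_ONLY", "UPDATE"}  # the three permitted Level values
# Constructed sample with deliberate mistakes. The root element and the Id,
# UserGroup, Dimension and DimensionValue attribute names are assumptions.
SAMPLE = """<SecuritySchema>
 <AccessSecurityDimensions>
  <Dimension Id="SD-SC"><DimensionValue Id="HI"/><DimensionValue Id="OSI"/></Dimension>
  <Dimension Id="SD-SL"><DimensionValue Id="CON"/><DimensionValue Id="UC"/></Dimension>
 </AccessSecurityDimensions>
 <SecurityPermissions>
  <GroupPermissions UserGroup="Analyst"><Permissions Dimension="SD-SC">
   <Permission DimensionValue="HI" Level="READ_ONLY"/>
   <Permission DimensionValue="OSI" Level="WRITE"/>
  </Permissions></GroupPermissions>
  <GroupPermissions UserGroup="Clerks"><Permissions Dimension="SD-SL">
   <Permission DimensionValue="TOP" Level="UPDATE"/>
  </Permissions></GroupPermissions>
 </SecurityPermissions>
 <DefaultSecurityDimensionValues>CON,OSI,XX</DefaultSecurityDimensionValues>
</SecuritySchema>"""

def lint_schema(xml_text, repo_groups):
    """Return a list of problems; repo_groups holds the user repository's group names."""
    root = ET.fromstring(xml_text)
    dims = {d.get("Id"): {v.get("Id") for v in d.iter("DimensionValue")}
            for d in root.iter("Dimension")}
    errors = []
    for gp in root.iter("GroupPermissions"):
        group = gp.get("UserGroup")
        if group not in repo_groups:  # names must match exactly
            errors.append(f"group {group!r} not in user repository")
        for perms in gp.iter("Permissions"):
            dim = perms.get("Dimension")
            if dim not in dims:
                errors.append(f"{group}: unknown dimension {dim!r}")
            for p in perms.iter("Permission"):
                value, level = p.get("DimensionValue"), p.get("Level")
                if value not in dims.get(dim, set()):
                    errors.append(f"{group}: {dim} has no value {value!r}")
                if level not in LEVELS:
                    errors.append(f"{group}: invalid Level {level!r}")
    known = set().union(*dims.values())
    defaults = (root.findtext("DefaultSecurityDimensionValues") or "").split(",")
    errors += [f"default value {v.strip()!r} is not defined"
               for v in defaults if v.strip() and v.strip() not in known]
    return errors

if __name__ == "__main__":
    print("\n".join(lint_schema(SAMPLE, {"Analyst"})))
```

An empty result means that the schema passed these checks only; it does not replace validation by the deployment toolkit.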