Security dimension definitions

Security dimensions are defined in an i2 Analyze security schema file as children of the mandatory <AccessSecurityDimensions> element. A valid security schema defines at least one access security dimension.

The following example shows a simple, complete <AccessSecurityDimensions> element:

<AccessSecurityDimensions>
  <Dimension Id="SD-SC"
           DisplayName="Security Classification"
           Description="The security classification of this information"
           Ordered="true">
    <DimensionValue Id="TOP" DisplayName="Top Secret" Description="Top Secret" />
    <DimensionValue Id="RES" DisplayName="Restricted" Description="Restricted" />
  </Dimension>
</AccessSecurityDimensions>

The attributes of the <Dimension> element affect how the values in the security dimension are interpreted.

AttributeDescription
Id A unique identifier that is used to distinguish this security dimension throughout the system.
DisplayName A name that identifies this dimension to the user in clients.
Description A more detailed description of this security dimension that provides more information to the user. In the Analyst's Notebook Premium, the description is used as a tooltip.
Ordered Indicates whether the values in this dimension form a descending sequence in which each value supersedes the values below it.

Marking this dimension as Ordered="true" means that a user who has access rights to "Top Secret" data implicitly has the same access rights to "Restricted" data as well. For a dimension in which Ordered="false", there is no such implication, and access rights must be assigned explicitly for each dimension value.

The Id, DisplayName, and Description attributes of <DimensionValue> elements have the same purpose and meaning as the <Dimension> attributes with the same names. The identifiers of dimension values must be unique within the dimension that defines them.

Important: After you deploy i2 Analyze, the changes that you can make to security dimensions are limited. You cannot add or remove dimensions, or remove dimension values. You can only add values to existing dimensions. For this reason, you must understand the requirements of your organization before you deploy i2 Analyze in a production environment.