Security permission definitions

The security permission definitions in an i2 Analyze security schema each associate a single dimension value with a single security level. The definitions can be simple because of the additional context that their location in the security schema file provides.

The <Permission> elements that define security permissions always appear inside <Permissions> elements, which in turn always appear inside <GroupPermissions> elements.

<GroupPermissions UserGroup="Manager">
    <Permissions Dimension="SD-SC">
        <Permission DimensionValue="TOP" Level="UPDATE" />
        <Permission DimensionValue="RES" Level="UPDATE" />
    </Permissions>
    <Permissions Dimension="SD-IT">
        <Permission DimensionValue="HUMINT" Level="READ_ONLY" />
    </Permissions>
</GroupPermissions>

It is possible, and often desirable, for identical <Permission> elements to appear in different locations in an i2 Analyze security schema. The effect of a security permission definition depends entirely on its position in the file.

Important: Like the <GroupPermissions> elements that contain them, you can add and remove <Permissions> and <Permission> elements from a deployed security schema, if the resulting system does not break the rules of i2 Analyze.