System security with the i2 Connect gateway

Three separate mechanisms govern different aspects of security in a deployment of i2 Analyze with the i2 Connect gateway. You can secure the connection between the gateway and a connector; you can restrict which i2 Analyze users can run the queries that connectors implement; and connectors themselves can require users to authenticate before they can run queries.

Secure the connection to a connector: You can use client-authenticated SSL communication to secure the connection between the i2 Connect gateway and a connector. For more information, see Client-authenticated Secure Sockets Layer with i2 Connect.
Restrict access to a connector: You can use the command access control feature to control which users can use a connector. Through user groups, you can prevent users from using the i2 Connect gateway altogether, or you can restrict them to using only a subset of the deployed connectors. For more information, see Controlling access to features.
Require users to authenticate before running queries: Developers can write a connector so that users must authenticate before they can use one or more of the services that the connector provides. This feature enables connectors to interact with data sources that require users to log in, or to request authentication for their own purposes.

As well as these specific applications of i2 Analyze security, there are two other mechanisms that can affect which services a user has access to:

When a user is prevented from seeing all records of a particular type, any service that requires seeds or returns results of that type is not visible to that user.
A connector that supports user-specific configuration can, if it chooses, provide a different list of available services to different users.