Security model

All data in i2 Analyze can be secured so that only the users who are supposed to interact with it are able to do so. Using the i2 Analyze security model, you can decide what access users have to records and features, based on their membership of user groups.

In i2 Analyze, all users are members of one or more groups. For example, there might be a group of "administrator" users. There might be separate groups of users for each operational team in your organization. There might be a group of users with higher security clearance than others. The assignment of users to groups is handled at login.

Just as users of i2 Analyze are categorized, so too are records, according to a range of deployment-specific criteria. For example, records might be categorized according to the nature of the information they contain, or how sensitive that information is.

To make sure that users see only the records that they are allowed to see, every deployment of i2 Analyze has a security schema. The security schema defines the categories into which records must be placed, and the relationships that determine what access the users in a particular group get to records in a particular category.

In other words, the i2 Analyze security schema allows you to create rules that say things like, "Users with low security clearance cannot see sensitive records," or "Users in Team A can see only records whose source was signals intelligence." i2 Analyze then combines such rules predictably, on a per-record and per-user basis.
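To make the per-record, per-user evaluation concrete, the following added example (not i2 Analyze code or its schema format) models group-to-category rules like the two quoted above and computes one user's access to one record. The group, dimension and category names, the three access levels, and the combination rule (most permissive grant within a dimension, least permissive across dimensions, no access when no rule matches) are assumptions made for illustration; this page does not spell out the rule.

```python
from enum import IntEnum


class Access(IntEnum):
    # Illustrative access levels (assumption), ordered least to most permissive.
    NONE = 0
    READ_ONLY = 1
    UPDATE = 2


# Constructed sample rules: group -> dimension -> category -> access level.
# Every name here is hypothetical.
RULES = {
    "LowClearance": {"Sensitivity": {"Open": Access.UPDATE}},
    "HighClearance": {"Sensitivity": {"Open": Access.UPDATE,
                                      "Sensitive": Access.UPDATE}},
    "TeamA": {"Source": {"SIGINT": Access.READ_ONLY}},
    "TeamB": {"Source": {"SIGINT": Access.UPDATE, "HUMINT": Access.UPDATE}},
}
DIMENSIONS = ("Sensitivity", "Source")


def effective_access(user_groups, record_categories, rules=RULES):
    """Return the access one user gets to one record.

    Assumed combination rule: within a dimension, take the most permissive
    grant from any of the user's groups for any of the record's categories;
    across dimensions, take the least permissive result. A missing rule
    means no access (default deny).
    """
    per_dimension = []
    for dim in DIMENSIONS:
        categories = record_categories.get(dim)
        if not categories:
            # Records must be placed in a category for every dimension.
            raise ValueError(f"record has no category in dimension {dim!r}")
        best = Access.NONE
        for group in user_groups:
            grants = rules.get(group, {}).get(dim, {})
            for category in categories:
                best = max(best, grants.get(category, Access.NONE))
        per_dimension.append(best)
    return min(per_dimension)
```

Under these sample rules, a user who belongs only to TeamA gets no access to any record, because no group grants that user anything in the Sensitivity dimension.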

Important: Orthogonal to this security model, i2 Analyze supports blanket controls over the visibility of records with particular types. You can specify that only certain groups of users can see records of a specific type, and that all records of that type are invisible to all other users, regardless of security schema categories. For more information about this functionality, see Item type security.