Controlling access to features

You can control access to the features and types of command that are available to i2 Analyze users. To restrict (and in some cases, to allow) access to features, you need to specify a command access control file.

Note: In the production deployment process, you first configure access to features in the configuration development environment.

You can use a command access control file to specify which permissions to assign to the user groups in the user repository for your deployment. The command access control file contains permissions that apply to i2 Analyze and, where applicable, to clients and client services.

Behavior with no command access control file

When you create an example deployment, i2 Analyze is configured with the command access control file that the example contains. If no file is specified in the configuration, access control is not enabled and all users have permission to use the same set of features:

  • Create, edit, and delete Information Store records though i2 Analyst's Notebook

  • Create, retrieve, edit, and delete Analyst's Notebook charts in the Chart Store

  • Create and read notes on records and charts

  • Interact with external data sources through i2 Connect connectors

Note: Feature availability also depends on support in the i2 Analyze deployment. For example, users can't use connectors if the deployment doesn't include the i2 Connect gateway.

Behavior with a command access control file

In contrast, a command access control file must be present in order for users to receive permission to use the following features:

  • Export search results to a CSV file, or a list of records to an XLSX file

  • Use the i2 Notebook web client

  • Upload i2 Analyst's Notebook charts to the Chart Store in bulk

  • Share records with other users

  • Create alerts through the REST API

  • The administrator permission

When you specify a command access control file, access to all features is controlled by that file. Before they can use a feature, you must give the appropriate permission to a group of users.

When you upgrade a system that has access to specific features enabled, ensure that you check for new features that require new permissions. Without updating your file to add permissions, access to the features are denied to all users. For information about any new permissions, see Configuration and database changes.