Security model example

The purpose of the security model is to enable the platform, at any moment, to determine whether a user can see a particular record - and, if they can, whether they can also edit it. The platform performs this calculation according to a consistent set of rules.

At their simplest, when all unordered dimensions have the default ANY resolution mode, the rules for determining access work like this:

  • A user can see a record if they receive "Update" or "Read only" access for at least one of the dimension values that the record has from each security dimension.

  • A user can edit a record if they receive "Update" access for at least one of the dimension values that the record has from each security dimension.

When an unordered dimension has the ALL resolution mode, the rules for that dimension change so that "at least one" in those descriptions becomes "all".

If a user receives multiple permissions that specify different access levels for the same dimension value, the calculation uses the most permissive level.

Calculation with ANY dimensions

For example, consider the following record, which has one value for each of two security dimensions, and two values for a third.

Record

  Security Classification    Confidential
  Intelligence Type          Open Source
  Operational Team           A, B

Then, consider a user who has the following aggregated security permissions.

  Security dimension         Value                 Access level
  -----------------------    ------------------    ------------
  Security Classification    Secret                Read only
  Security Classification    Confidential          Update
  Intelligence Type          Open Source           Update
  Intelligence Type          Human Intelligence    Read only
  Operational Team           A                     Read only
  Operational Team           B                     Update

To calculate this user's access to the record, i2 Analyze uses the permissions to determine the access level for each assigned dimension value, and then applies the rules.

  Assigned dimension value                 Access level
  -------------------------------------    ------------
  Security Classification: Confidential    Update
  Intelligence Type: Open Source           Update
  Operational Team: A                      Read only
  Operational Team: B                      Update

The user has "Update" access for at least one of the values that the record has in each dimension, and therefore receives "Update" access to the record itself.

If the record had the Secret security classification, the user would not have "Update" access in every dimension, but would still have at least "Read only" access in each. They would be able to see the record, but not edit it.

If the record had the Top Secret classification, the user would have no access according to that dimension value. They would not be able to see the record at all.

Calculation with an ALL dimension

To extend the example, imagine that the Operational Team security dimension has the ALL resolution mode. The list of access levels that the user receives does not change, but the final calculation does.

i2 Analyze now considers both of the access levels associated with values from the Operational Team dimension. Because one of those levels is "Read only", that level applies to the dimension as a whole, and therefore also to the record. Our user can still see the record, but they can no longer edit it.
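
The two calculations above can be expressed as a short function. This is an added example, not i2 Analyze code: the function and constant names are hypothetical, the sample data is constructed from the tables on this page, and permissions are taken as already listed per dimension value. A dimension or record with no values resolves to no access, which is an assumption of this sketch.

```python
# Added illustration; all names are hypothetical, not i2 Analyze APIs.
NONE, READ_ONLY, UPDATE = 0, 1, 2
LEVEL_NAMES = {NONE: "None", READ_ONLY: "Read only", UPDATE: "Update"}

def aggregate(permissions):
    """Collapse (dimension, value, level) grants, keeping the most permissive."""
    granted = {}
    for dimension, value, level in permissions:
        key = (dimension, value)
        granted[key] = max(granted.get(key, NONE), level)
    return granted

def record_access(record, permissions, all_mode=frozenset()):
    """Return the access level a user receives for a record.

    record:      {dimension: [values the record has from that dimension]}
    permissions: iterable of (dimension, value, level) grants for the user
    all_mode:    unordered dimensions that use the ALL resolution mode
    """
    granted = aggregate(permissions)
    per_dimension = []
    for dimension, values in record.items():
        levels = [granted.get((dimension, v), NONE) for v in values]
        # ANY: the best value decides. ALL: the weakest value decides.
        resolve = min if dimension in all_mode else max
        per_dimension.append(resolve(levels, default=NONE))
    # Every dimension must permit the access, so the weakest dimension wins.
    return LEVEL_NAMES[min(per_dimension, default=NONE)]

# Sample data constructed from the tables on this page.
USER = [
    ("Security Classification", "Secret", READ_ONLY),
    ("Security Classification", "Confidential", UPDATE),
    ("Intelligence Type", "Open Source", UPDATE),
    ("Intelligence Type", "Human Intelligence", READ_ONLY),
    ("Operational Team", "A", READ_ONLY),
    ("Operational Team", "B", UPDATE),
]
RECORD = {
    "Security Classification": ["Confidential"],
    "Intelligence Type": ["Open Source"],
    "Operational Team": ["A", "B"],
}

if __name__ == "__main__":
    print("ANY everywhere:", record_access(RECORD, USER))
    print("Operational Team ALL:", record_access(RECORD, USER, {"Operational Team"}))
```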