Controlling access to features
You can control access to the features and types of command that are available to i2 Analyze users. To restrict (and in some cases, to allow) access to features, you need to specify a command access control file.
Note: In the production deployment process, you first configure access to features in the configuration development environment.
You can use a command access control file to specify which permissions to assign to the user groups that were allocated during authentication (the system groups). The command access control file contains permissions that apply to i2 Analyze and, where applicable, to clients and client services.
Behavior with no command access control file
When you create an example deployment, i2 Analyze is configured with the command access control file that the example contains. If no file is specified in the configuration, access control is not enabled and all users have permission to use the same set of features:
Create, edit, and delete Information Store records though i2 Analyst's Notebook
Create, retrieve, edit, and delete Analyst's Notebook charts in the Chart Store
Create and read notes on records and charts
Create, edit, and save artifacts such as Visual Queries
Interact with external data sources through i2 Connect connectors
Note: Feature availability also depends on support in the i2 Analyze deployment. For example, users can't use connectors if the deployment doesn't include the i2 Connect gateway.
Behavior with a command access control file
In contrast, a command access control file must be present in order for users to receive permission to use the following features:
Export search results to a CSV file, or a list of records to an XLSX file
Use the i2 Notebook web client
Upload i2 Analyst's Notebook charts to the Chart Store in bulk
Share records and artifacts such as saved Visual Queries with other users
Create alerts through the REST API
Create and manage custom user groups
Administrator permissions
When you specify a command access control file, access to all features is controlled by that file. Before they can use a feature, you must give the appropriate permission to a group of users.
When you upgrade a system that has access to specific features enabled, ensure that you check for new features that require new permissions. Without updating your file to add permissions, access to the features is denied to all users. For information about any new permissions, see Configuration and database changes.