The command access control file
The structure of the command access control XML configuration file and the permissions that it contains combine to control which i2 Analyze commands and features are available to users. Use the following reference and example information when you create your own configuration file.
File structure
- <CommandAccessControl>
The <CommandAccessControl> element is the root of the configuration file. It contains child <CommandAccessPermissions> elements.
- <CommandAccessPermissions>
The <CommandAccessPermissions> element contains the access permissions for groups of users.
- <Permission>
The Value attribute of each <Permission> element names one permission that is granted to members of the user group specified in the parent <CommandAccessPermissions> element.
Command access permissions
The i2 Analyze command access permissions control access to features across a number of categories:
Record and chart permissions control access to commands for record and chart management.
Web client permissions control access to features in the web client.
Connector permissions control access to connectors when your deployment includes the i2 Connect gateway.
Sharing permissions control access to commands for sharing artifacts with other users.
Administrator permissions control access to REST API endpoints (including the admin endpoint), and to the apps within the admin console.
Record and chart permissions
- i2:RecordsUpload
Members of groups that have this permission can create and modify records and upload them to the Information Store.
- i2:RecordsDelete
Members of groups that have this permission can delete records that were originally uploaded through Analyst's Notebook.
- i2:RecordsExport
Members of groups that have this permission can:
  - Export records that are returned in search results to a CSV file
  - Export a list of records in the i2 Notebook web client to an XLSX file
  - Copy a list of records in the i2 Notebook web client to the clipboard
- i2:ChartsRead
Members of groups that have this permission can search for and retrieve charts from the Chart Store.
- i2:ChartsUpload
Members of groups that have this permission can create and modify Analyst's Notebook charts and upload them to the Chart Store. Modifying a chart includes deleting versions of a chart, but not deleting the chart itself.
- i2:ChartsBulkUpload
Members of groups that have this permission receive access to the Upload from Folder feature in i2 Analyst's Notebook that enables users to upload charts from disk to the Chart Store in bulk.
- i2:ChartsDelete
Members of groups that have this permission can delete charts that were originally uploaded through Analyst's Notebook.
- i2:Notes
Members of groups that have this permission can create and access notes on records and charts.
- i2:CustomTypes
Members of groups that have this permission can create, delete, and edit custom entity, link, and property types in Analyst's Notebook charts. The functionality that allows users to perform these actions is available through palettes, the Record Inspector, and the import wizard.
Web client permissions
- i2:Notebook
Members of groups that have this permission can access the i2 Notebook web client. Members of groups without this permission see the i2 Investigate web client instead.
Connector permissions
- i2:Connectors
If you are using the i2 Connect gateway, members of groups that have this permission can view all i2 Connect connectors.
- i2:Connectors:<connector-id>
If you are using the i2 Connect gateway, members of groups that have this permission can view the i2 Connect connector with the matching <connector-id>. For example, i2:Connectors:example-connector.
Sharing permissions
- i2:Share
Members of groups that have this permission receive all the permissions listed below. They can take advantage of all the features for sharing records and artifacts that i2 Analyze supports.
- i2:Share:Artifacts
Members of groups that have this permission can share artifacts with specific users and groups.
- i2:Share:Records
Members of groups that have this permission can share records with other i2 Analyze users, and see the records that other users have shared.
Administrator permissions
- i2:AlertsCreate
Members of groups that have this permission can access the REST API alerts endpoint to create and send alerts to i2 Analyze users. For more information, see Managing i2 Analyze.
- i2:Administrator
Members of groups that have this permission can access the REST API admin endpoints and all the apps in the admin console. They also get the privileges of all the other administrator permissions.
- i2:Administrator:Connectors
Members of groups that have this permission can access the REST API endpoints for managing connectors. They can also access the i2 Connect gateway status and i2 Analyze type conversion apps in the admin console.
- i2:Administrator:Groups
Members of groups that have this permission can access the User group management app in the admin console.
- i2:Administrator:Indexing
Members of groups that have this permission can access the REST API endpoints for viewing the status of the Information Store index, and for clearing and rebuilding it if necessary.
- i2:Administrator:SavedArtifacts
Members of groups that have this permission have unrestricted access to all saved artifacts, including the ability to change who they're shared with. They can also share any new artifacts of their own.
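When reviewing a command access control file for least privilege, it helps to expand the umbrella permissions (i2:Share, i2:Administrator, i2:Connectors) and list which groups end up holding a sensitive permission. The following Python script is an added example, not code from the i2 Analyze documentation; it does that for a constructed sample file. The UserGroup attribute name and the group names in the sample are assumptions, and the table of implied permissions is taken from the descriptions on this page.

```python
import xml.etree.ElementTree as ET

# Umbrella permissions and what they imply, as described on this page.
IMPLIES = {
    "i2:Share": {"i2:Share:Artifacts", "i2:Share:Records"},
    "i2:Administrator": {
        "i2:AlertsCreate", "i2:Administrator:Connectors", "i2:Administrator:Groups",
        "i2:Administrator:Indexing", "i2:Administrator:SavedArtifacts",
    },
}

# Constructed sample file. The UserGroup attribute name and the group names
# are assumptions; the page only says the parent element specifies the group.
SAMPLE = """
<CommandAccessControl>
  <CommandAccessPermissions UserGroup="Analyst">
    <Permission Value="i2:RecordsUpload"/>
    <Permission Value="i2:ChartsRead"/>
    <Permission Value="i2:Share"/>
    <Permission Value="i2:Connectors:example-connector"/>
  </CommandAccessPermissions>
  <CommandAccessPermissions UserGroup="Administrator">
    <Permission Value="i2:Administrator"/>
    <Permission Value="i2:Connectors"/>
  </CommandAccessPermissions>
</CommandAccessControl>
"""

def local(tag):
    """Strip an XML namespace prefix such as '{uri}Name' down to 'Name'."""
    return tag.rsplit("}", 1)[-1]

def effective_permissions(xml_text, group_attr="UserGroup"):
    """Map each user group to its granted permissions plus implied ones."""
    result = {}
    for block in ET.fromstring(xml_text).iter():
        if local(block.tag) != "CommandAccessPermissions":
            continue
        perms = result.setdefault(block.get(group_attr), set())
        for p in block:
            if local(p.tag) == "Permission":
                value = p.get("Value")
                perms |= {value} | IMPLIES.get(value, set())
    return result

def holders(effective, permission):
    """Groups that hold a permission; i2:Connectors covers every connector."""
    def has(perms):
        return permission in perms or (
            permission.startswith("i2:Connectors:") and "i2:Connectors" in perms)
    return sorted(g for g, perms in effective.items() if has(perms))
```

Calling holders(effective_permissions(SAMPLE), "i2:Administrator:SavedArtifacts") shows which groups have unrestricted access to saved artifacts, including groups that were granted it only through i2:Administrator.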