Creating a security schema

Every deployment of i2 Analyze requires a security schema file that encapsulates the security model for that deployment. The easiest way to create the file is to start from the example that i2 provides with the platform.

Before you begin

Before you create the XML security schema file, consider the following aspects of your security model:

  • Decide on the security dimensions for categorizing the records in your deployment.

    Adding, removing, and modifying dimension values is relatively easy, but changing the dimensions themselves can be an expensive operation.

  • Identify the user groups to which security permissions are to be assigned.

    When you deploy i2 Analyze, the group names in your security schema must match the names of system user groups in your user registry.

About this task

An i2 Analyze security schema file contains definitions of security dimensions and security permissions. When you create the file, you define the dimensions first, and then define the security permissions that refer to them.

Note: Optionally, you can specify that values of a particular security dimension, or the permissions for a particular user, are provided or added while the server is running. For more information, see Providing security dimension values and Providing security permissions. The procedure here assumes that everything is defined in the XML file.

Procedure

The following steps describe how to create and configure a security schema file.

  1. Navigate to the directory in the deployment toolkit that contains the example security schema: toolkit\configuration\examples\security-schema.

  2. Make a copy of the example-dynamic-security-schema.xml file, give it an appropriate name, and then open it in an XML editor.

  3. Edit the contents of the <AccessSecurityDimensions> element so that it contains a <Dimension> element for each category that your deployment uses to determine access rights to i2 Analyze records.

  4. Edit the contents of the <SecurityPermissions> element:

    1. Add or modify <GroupPermissions> elements so that they reflect all the user groups to which you assign security permissions. The group names in your security schema must match the names of system user groups.

    2. Within each <GroupPermissions> element, add or modify <Permissions> elements to indicate which dimensions are affected by membership of each user group.

    3. Within each <Permissions> element, add or modify <Permission> elements to assign access levels to records that have particular dimension values.

      There are two permitted values for the Level attribute of the <Permission> element:

      • READ_ONLY

      • UPDATE

      For each <Permissions> element, any dimension value that does not feature in a <Permission> element is implicitly associated with the NONE access level.

  5. Edit the contents of the <DefaultSecurityDimensionValues> element to define the default security dimension values that i2 Analyze provides to any records that users create.

    Update the value of the <DefaultSecurityDimensionValues> element with a comma-separated list of identifiers of security dimension values that you want to be applied by default. For example, <DefaultSecurityDimensionValues>CON,OSI,HI</DefaultSecurityDimensionValues>.

  6. Save the completed security schema file to the configuration\fragments\common\WEB-INF\classes directory in the deployment toolkit.
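As an added example (not i2's code and not part of the original page), the following Python check expands each <Permissions> element into an effective access level per dimension value, so the implicit NONE entries become visible, and flags group names missing from the user registry and default values that are not defined. The attribute names other than Level, the <DimensionValue> element, the audit function, and the sample schema are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names and the Level attribute come from the page;
# the Id, UserGroup, Dimension and DimensionValue attribute names, the
# <DimensionValue> element and all values are assumptions for illustration.
SAMPLE = """<SecuritySchema>
 <AccessSecurityDimensions>
  <Dimension Id="SD-SC"><DimensionValue Id="HI"/><DimensionValue Id="OSI"/></Dimension>
  <Dimension Id="SD-SL"><DimensionValue Id="CON"/><DimensionValue Id="UC"/></Dimension>
 </AccessSecurityDimensions>
 <SecurityPermissions>
  <GroupPermissions UserGroup="Analyst">
   <Permissions Dimension="SD-SC"><Permission DimensionValue="OSI" Level="UPDATE"/></Permissions>
  </GroupPermissions>
  <GroupPermissions UserGroup="Clerk">
   <Permissions Dimension="SD-SL"><Permission DimensionValue="UC" Level="READ_ONLY"/></Permissions>
  </GroupPermissions>
 </SecurityPermissions>
 <DefaultSecurityDimensionValues>CON,OSI,HI</DefaultSecurityDimensionValues>
</SecuritySchema>"""

def audit(xml_text, registry_groups):
    """Return (effective access levels, list of problems) for a schema."""
    root = ET.fromstring(xml_text)
    dims = {d.get("Id"): [v.get("Id") for v in d.iter("DimensionValue")]
            for d in root.iter("Dimension")}
    known = {v for values in dims.values() for v in values}
    levels, problems = {}, []
    for gp in root.iter("GroupPermissions"):
        group = gp.get("UserGroup")
        if group not in registry_groups:
            problems.append(f"group {group!r} not in user registry")
        for perms in gp.iter("Permissions"):
            dim = perms.get("Dimension")
            granted = {p.get("DimensionValue"): p.get("Level")
                       for p in perms.iter("Permission")}
            for value, level in granted.items():
                if value not in dims.get(dim, []) or level not in ("READ_ONLY", "UPDATE"):
                    problems.append(f"{group}/{dim}: bad permission {value}={level}")
            # Values with no <Permission> in this element are implicitly NONE.
            for value in dims.get(dim, []):
                levels[(group, dim, value)] = granted.get(value, "NONE")
    defaults = root.findtext(".//DefaultSecurityDimensionValues") or ""
    for ident in (s.strip() for s in defaults.split(",")):
        if ident not in known:
            problems.append(f"default value {ident!r} is not a defined dimension value")
    return levels, problems

if __name__ == "__main__":
    levels, problems = audit(SAMPLE, registry_groups={"Analyst"})
    for key, level in sorted(levels.items()):
        print(*key, level)
    print(problems)
```

The check only reports on dimensions for which a group has a <Permissions> element; it applies the implicit NONE rule exactly as stated in step 4 and models nothing else.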