Security dimension definitions
Security dimensions are defined in an i2 Analyze security schema file as children of the mandatory <AccessSecurityDimensions> element. A valid security schema defines at least one security dimension.
The following example shows a simple, complete <AccessSecurityDimensions> element:
<AccessSecurityDimensions>
<Dimension Id="SD-OT"
DisplayName="Operational Team"
Description="The teams whose members have access to this information"
Ordered="false"
ResolutionMode="ANY">
<DimensionValue Id="SD-OT-A" DisplayName="Team A" Description="Team A" />
<DimensionValue Id="SD-OT-B" DisplayName="Team B" Description="Team B" />
</Dimension>
</AccessSecurityDimensions>
The attributes of the <Dimension> element affect how the values in the security dimension are interpreted.
Attribute | Description |
---|---|
Id | A unique identifier that is used to distinguish this security dimension throughout the system. |
DisplayName | A name that identifies this dimension to the user in clients. |
Description | A more detailed description of this security dimension that provides more information to the user. In Analyst's Notebook, the description is used as a tooltip. |
Ordered | Indicates whether the values in this dimension form a descending sequence in which each value supersedes the values below it. The permitted values are true and false. |
ResolutionMode | Determines how i2 Analyze calculates access when a record has more than one value from this dimension. The permitted values are ANY and ALL. If the attribute is not present, the default behavior is ANY. |
Note: ResolutionMode="ALL" is valid only when Ordered="false". A record cannot have multiple values from a dimension in which Ordered="true". For more information, see i2 Analyze security dimensions.
The Id, DisplayName, and Description attributes of <DimensionValue> elements have the same purpose and meaning as the <Dimension> attributes with the same names. The identifiers of dimension values must also be unique throughout the security schema.
Important: After you deploy i2 Analyze, the changes that you can make to security dimensions are limited. You cannot add or remove dimensions, or move dimension values between dimensions. For this reason, you must understand the requirements of your organization before you deploy i2 Analyze in a production environment.