Security permission definitions
The security permission definitions in an i2 Analyze security schema each associate a single dimension value with a single access level. The definitions can be simple because of the additional context that their location in the security schema file provides.
The <Permission> elements that define security permissions always appear inside <Permissions> elements, which in turn always appear inside <GroupPermissions> elements.
<GroupPermissions UserGroup="Manager">
<Permissions Dimension="SD-SC">
<Permission DimensionValue="TOP" Level="UPDATE" />
<Permission DimensionValue="RES" Level="UPDATE" />
</Permissions>
<Permissions Dimension="SD-IT">
<Permission DimensionValue="HUMINT" Level="READ_ONLY" />
</Permissions>
</GroupPermissions>
It is possible, and often desirable, for identical <Permission> elements to appear in different locations in an i2 Analyze security schema. The effect of a security permission definition depends entirely on its position in the file.
Important: Like the <GroupPermissions> elements that contain them, you can add and remove <Permissions> and <Permission> elements from a deployed security schema, as long as the resulting system does not break the rules of i2 Analyze.