
Overview

This page describes how to create a custom form of content security without using the Attivio security module.

The security module has a built-in Content Security feature that secures indexed content in an easy-to-use manner. It uses a Content Security model that can be customized for specific end-user needs. If the contentSecurity feature does not provide the desired functionality, custom Attivio fields and queries can be used without the security module. This guide briefly describes how to do this by configuring Attivio to restrict access to indexed content through the ingestion of Access Control List (ACL) information and the inclusion of ACL criteria in queries.

This guide provides instructions on how to restrict access to content indexed by a specific Attivio platform installation. Standard network and operating system security mechanisms should still be used to restrict access to the Attivio installation in a highly sensitive environment.



 

Procedure

  1. First, configure your schema to support ACLs. To store ACLs in the Attivio index, an ACL field must be added to the project schema. Add the ACL field to <project_dir>\conf\schema\default.xml as follows:

    <project_dir>\conf\schema\default.xml
    ...
      <schema name="default">
        <fields default-search-field="text">
          ...
          <field name="acl" type="string" tokenize="false" indexed="true" stored="true" sort="false" />
          ...
        </fields>
      </schema>
    ...
    
  2. There are multiple ways to ingest new content with ACL information specified. Depending on the source data format, load content with ACL field information in any of the following ways:
    • If XML files are being processed and the XML file contains User IDs and Group IDs, the xPathExtractor Transformer can be used to populate the ACL field. (Main article: Ingesting Arbitrary XML Content)
    • If data is loaded from a database, User ID and Group ID information can be included in the SQL query used for ingestion. (Main article: Loading Data from a Database)
    • The client API can be used to specify ACL information on any document being added via the client API. (Main article: Java Client API) The following code snippet shows an example of how to do this.

      Java:

      //import Java client API
      import com.attivio.client.*;
      ...
      //create document feeder to send documents to an Attivio instance
      //this example assumes the presence of the default Attivio workflows
      //and service endpoints
      
      IngestDocument newDoc = new IngestDocument("Doc ID");
      ... //add all document fields
      //add ACL field with one value for each user ID and group ID that should be granted access to the document
      //(list as many user IDs and group IDs as needed)
      newDoc.setField("acl", "UserID1", "UserID2", "UserID3", "GroupID1", "GroupID2", "GroupID3");
      ...
      documentFeeder.feed(newDoc);
      
  3. To prevent users from receiving unauthorized content, filter the query results by the User ID and Group ID identifiers using the Java Client API.  See the Search Application Example for an example of adding a security filter to a query.
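
The filtering rule in step 3, modeled in plain Java as an added example (it is not Attivio code and does not call the Attivio API). The class and method names and the sample data are hypothetical, and the example assumes the `acl` field matches on whole values, exactly and case-sensitively.

```java
import java.util.*;

// Added example: a plain-Java model of the query-time ACL filter from step 3.
// AclFilterDemo, matches, visibleTo and all sample values are hypothetical.
public class AclFilterDemo {

    // A document matches only if one of its "acl" values equals one of the
    // caller's principals. Assumption: whole-value, case-sensitive comparison,
    // as for a string field declared with tokenize="false".
    static boolean matches(Set<String> principals, List<String> acl) {
        for (String entry : acl) {
            if (principals.contains(entry)) return true;
        }
        return false;
    }

    // principals = the authenticated user's ID plus that user's group IDs,
    // resolved on the server side and never taken from a request parameter.
    static List<String> visibleTo(Set<String> principals, Map<String, List<String>> index) {
        List<String> hits = new ArrayList<>();
        if (principals == null || principals.isEmpty()) {
            return hits; // fail closed: with no identity, return nothing instead of an unfiltered result
        }
        for (Map.Entry<String, List<String>> doc : index.entrySet()) {
            if (matches(principals, doc.getValue())) hits.add(doc.getKey());
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample index: document ID -> values stored in the acl field.
        Map<String, List<String>> index = new LinkedHashMap<>();
        index.put("doc-1", Arrays.asList("UserID1", "GroupID1"));
        index.put("doc-2", Arrays.asList("GroupID2"));
        index.put("doc-3", Collections.emptyList()); // ingested without ACL values

        Set<String> user = new HashSet<>(Arrays.asList("UserID1", "GroupID2"));
        System.out.println(visibleTo(user, index));                                       // user with one matching ID and one matching group
        System.out.println(visibleTo(new HashSet<>(Arrays.asList("groupid2")), index));   // wrong case in the group ID
        System.out.println(visibleTo(Collections.emptySet(), index));                     // no resolved identity
    }
}
```

In this model a document ingested without any `acl` values is never returned, so content loaded through a path that skips the ACL field becomes invisible instead of public.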

 

Other Security Models

Attivio can support many other content security models. For more information contact Attivio at support@attivio.com.