Open topic with navigation
In the Mapped Security architecture, IDOL determines whether a user is permitted to view a document by comparing the user's security details against an Access Control List (ACL) that has been added to the document.
With Mapped Security, when connectors fetch information from data repositories they add an encrypted Access Control List (ACL) to a metadata field in each document. The ACL contains information about which users and groups are permitted to access the document. The documents, and therefore the ACLs, are indexed into IDOL Server.
A user might be allowed or denied permission to view a document because they are a member of a security group. This means that IDOL must consider group memberships, in addition to permissions, before it can determine whether a user can view a document. OmniGroupServer collects user and group information, and stores it, so that IDOL Server can access this information.
When a user queries IDOL Server, IDOL sends the user's security string and the documents that match the query to the Mapped Security Plug-In. The Mapped Security Plug-In compares the user's details to the ACL in each document, and determines which documents the user is permitted to view. IDOL only returns those documents in its response.
The advantage of this process is that IDOL Server can quickly respond to a query, because it does not need to connect to the original data repository to check the ACL for each document. The disadvantage is that there might be a delay between the security settings changing in the original data repository and the information being updated in IDOL Server.
Mapped Security is suitable for most environments, particularly where the security settings for documents do not change often.