Collection-Level Security

Collection-level security limits which collections a user can search. To search a collection, a user must be a member of a particular user group. Network administrators routinely create these user groups when they set up native LDAP, Windows NT domain, or UNIX security models. After creating a collection, the K2 administrator simply assigns it to one or more user groups. This assignment allows K2 to determine exactly which users have permission to search the collection.

For example, if your enterprise indexes all your human resources information into a single HR collection, it might be important to restrict collection access to a user group that consists only of senior human resources management. If an employee outside that group searches for enterprise-wide salary information, K2 excludes the employee from the HR collection because the employee is not part of that group. No salary information appears in the employee’s search results.

In addition to providing flexible restrictions on access to sensitive material, collection-level security accelerates search performance by limiting the number of collections that a query is run against. This can be helpful if your enterprise has indexed its information into a large number of collections.

Obtaining Access to Secure Collections

To obtain access to a secure collection, the user must authenticate to K2. To authenticate, the user provides K2 with the login information of the enterprise’s native security model. K2 then uses this information to verify the user’s group membership. For example, if your enterprise uses a Windows NT Domain security model, the user provides K2 with a valid NT user name, password and domain name. K2 stores this information, authenticates the user with NT, and obtains the user’s NT group information. Only then will K2 grant the user access to the collections for which the user is authorized.

Anonymous Access

Enterprises can allow anonymous access to collections and documents. This access method is useful for companies that expose information to public users. Such publicly available documents are stored in a non-secure collection and are configured in LDAP, NT or UNIX to be anonymously available. If a user signs on to K2 without first logging into the native security model, K2 gives access to these public documents only.
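
The access model described in the sections above, as an added Python sketch; it is not K2 code or the K2 API. The group names, users, passwords, index contents and function names are constructed for illustration, and two behaviours are assumptions: a collection with no assigned groups stands for a non-secure collection, and a failed login is rejected rather than downgraded to anonymous access.

```python
import hmac
from typing import NamedTuple, Optional

# Constructed sample data: collection -> user groups assigned by the administrator.
# Assumption: an empty set models a non-secure, anonymously available collection.
COLLECTION_GROUPS = {
    "HR": {"hr-senior-mgmt"},
    "Engineering": {"engineers", "hr-senior-mgmt"},
    "PublicDocs": set(),
}

# Constructed stand-in for the native security model: user -> (password, groups).
DIRECTORY = {
    "alice": ("alice-pw", {"hr-senior-mgmt"}),
    "bob": ("bob-pw", {"engineers"}),
}

# Constructed index contents: collection -> documents.
INDEX = {
    "HR": ["Salary bands by grade"],
    "Engineering": ["Build server runbook"],
    "PublicDocs": ["Careers page: salary ranges per posting"],
}

class Session(NamedTuple):
    user: Optional[str]      # None means an anonymous session
    groups: frozenset

def login(user=None, password=None):
    """Verify credentials with the directory and fetch the user's groups."""
    if user is None:
        return Session(None, frozenset())   # signed on without logging in
    record = DIRECTORY.get(user)
    ok = record is not None and hmac.compare_digest(
        record[0].encode(), (password or "").encode())
    if not ok:
        # Assumption: bad credentials fail closed, with no anonymous fallback.
        raise PermissionError("authentication failed")
    return Session(user, frozenset(record[1]))

def searchable_collections(session):
    """Public collections plus those assigned to any of the session's groups."""
    return sorted(name for name, groups in COLLECTION_GROUPS.items()
                  if not groups or groups & session.groups)

def search(session, term, index=INDEX):
    """Run the query only against permitted collections."""
    allowed = searchable_collections(session)
    return [(c, d) for c in allowed for d in index.get(c, []) if term in d.lower()]
```

Because the filter is applied before the query runs, restricted collections are never searched at all, which is also where the performance benefit comes from.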