Controlling access to features

You can control access to the features and types of command that are available to i2 Analyze users. To restrict (and in some cases, to allow) access to features, you need to specify a command access control file.

Note: In the production deployment process, you first configure access to features in the configuration development environment.

You can use a command access control file to specify which permissions to assign to each user group that you set up in the security schema. The command access control file can contain permissions that apply to i2 Analyze and, if applicable, to other custom client services.

When you create an example deployment, i2 Analyze is configured with the command access control file that the example contains. However, when no file is specified in the configuration, access control is not enabled. All authenticated users can access all features except:

Exporting search results to a CSV file
Using the i2 Notebook web client
The administrator permission

After you specify a command access control file, access to all features is controlled by that file. Before they can use a feature, you must give the appropriate permission to a group of users.

When you upgrade a system that has access to specific features enabled, ensure that you check for new features that require new permissions. Without updating your file to add permissions, access to the features are denied to all users. For information about any new permissions, see Configuration and database changes.