Security and Confluence Documents

To allow users to only search documents that they are permitted to view, you will need to pass the Confluence groups they belong to the query service as the rights CGI parameter. See the section entitled ACLs in the Watson™ Explorer Engine documentation for more information about rights.

Because Confluence does not provide a directory service, you will need to provide that information in a separate Watson Explorer Engine search collection by crawling and indexing the user/group objects associated with a wiki.

Create a collection using the Confluence Users seed, supplying the following values:

  • Host - The server running Confluence
  • Port - The port to access Confluence
  • Username - The username to authenticate with
  • Password - The password to authenticate with
  • SOAP Endpoint Protocol (optional) - Protocol to use when contacting the SOAP Endpoint.
  • SOAP Endpoint (optional) - SOAP Endpoint path to the Confluence webservice. For Confluence version 4, use the version 2 of the endpoint. For example /rpc/soap-axis/confluenceservice-v2

After creating and crawling this collections, you will also need to add the form component named Confluence Rights to the form of the source associated with your Confluence documents collection. You will need to specify the following parameters in this form component:

  • Confluence Users Collection - Name of the search collection in which the Confluence groups/users are indexed.
  • User OS Name (optional) - The username passed to the collection to retrieve the associated permission groups. This is usually the username part of the OS login. If not specified, the username part of $user.name will be used.
  • User OS Domain (optional) - The domain passed to the collection to retrieve the associated permission groups. This is usually the domain part of the OS login. If not specified, the domain part of $user.name will be used.
  • Query Service URL (optional) - URL of the query service serving the Confluence Users collection (for example http://mydomain.com/search:7205). If not specified, the local query service is used.
Important: To make sure that no one can access the query service for your Confluence crawl without proper credentials, use the Configuration > Searching tab for your documents collection to set the Require rights option to true.