Collection-level security

When you create a collection, you can choose an option to enable collection security. If you choose this option, you can later configure document-level security controls. You cannot enable collection-level security for a collection after it is created.

The ability to access different collections is controlled by mapping search and analytics applications to the collections that they can access. All applications are required to pass a valid application name (APPID) to the Watson Explorer Content Analytics application programming interface (API). Only the collections associated with this APPID can be accessed by the application.

Each application has a configuration file that specifies the name of the application. Before an application can access a collection, an administrator must associate the application with the specific collections that it can access. An application can access all of the collections in the system, or access only the collections that you specify.

To control which users can query which collections, you must associate users (or user groups) with the client application by using standard access control features of the embedded web appliction server or WebSphere® Application Server, similar to how you might use these features to restrict access to a URL. For example, you can restrict access to the URL that launches your application.