Document-level security
If security is enabled for a collection when it is created, you can configure document-level security controls. Document-level access control ensures that the search results contain only documents that the user who submitted the search request is authorized to see.
Watson Explorer Content Analytics supports many
approaches for configuring document-level security controls:
- Documents can be pre-filtered and associated with security tokens before they are added to the index. All crawlers support the ability to associate documents with security tokens so that access control data can be stored with the documents in the index.
- For some crawlers and data source types, search results can be post-filtered to validate the user's login credentials against current access control data. Post-filtering can also be implemented through a custom plug-in that you create.
- The identity management component can encrypt the various credentials that users need to access different repositories, and store the encrypted credentials in profiles. If the sources to be searched are protected by a product that provides single sign-on (SSO) security, the identity management component can control access to documents without requiring users to create profiles.
- For most crawlers, a custom Java™ class (plug-in) can be used to associate security tokens with documents in the index.
- For documents crawled by a Web crawler, the anchor text in documents that contain links to forbidden documents can be excluded from the index.