Configuring Security

During indexing, Exalead CloudView indexes the document along with all associated roles and ACLs. At search time, when the user connects to the search application, Exalead CloudView queries ENOVIA to retrieve its roles. When a document matching the user request is found, Exalead CloudView verifies that at least one of the user's roles or the user's UID is in the access control list (ACL) of the index.

This task shows you how to:

See Also
Configuring the Connectivity

Configure the Connector Security Parameters

First select a security mode at the connector level.

Before you begin: It assumes that you have already configured your connector according to the required connectivity mode.
  1. Open your ER Connector instance.
  2. In the Configuration tab, expand Security parameters.
  3. Click Add item, and from Component class name select a security mode.

    Table 1. Connector Security Modes and Parameters
    Mode Description
    Default Security

    This mode allows the definition of the two following parameters only.

    Note: These parameters are common to all security modes, except for Project Based Security.
    • All BusinessObjects visible by default: If no security token is generated, this parameter adds the Everybody token on all BOs. It makes documents visible by everyone. If a security handler generates a security token, this parameter has no effect.
    • All Connections visible by default: If no security token is generated, this parameter adds the Everybody token on all Connection documents. It makes documents visible by everyone. If a security handler generates a security token, this parameter has no effect.
    ENOVIA SBA Security

    This mode comes from the legacy SBA connector. It is based on the ENOVIA policy security model.

    See Standalone ERAgent Security Recommendations.
    Project Based Security

    A simple security, based on the project attribute. Users can only see the documents that are in their projects (that is, Collaborative Spaces, for the 3DSpace).

    To distinguish Collaborative Spaces that may have the same name in different 3DSpaces, you can specify a prefix to apply to security tokens.

    Security V2
    • Access list URI: Choose whether to build AccessList URI compatible with the SBA mode, for version V6R2018x and higher.
    • Prefix: Specify a URI prefix when you want to index data with the same Consolidation Server as another ENOVIA connector.
    • (Required) Link with business objects: Builds a graph out of Access Lists.

Configure a Security Source

A security source is provided with the ENOVIA ER connector. Whenever a user authenticates to Exalead CloudView, the security source verifies the groups this user belongs to.

  1. Open the Exalead CloudView Administration Console.
  2. Go to Access > Security Sources and click Add security source.
    1. For Name, enter the security source name, for example ersecurity.
    2. For Type, select ER Connector.
    3. Click Accept.
  3. Configure the security source properties.

    Property Description
    Agent URL The ENOVIA ER agent URL:

    http://<enoviaer_host>:<PORT NUMBER/enovia-agent

    Note: If empty, the security source uses the local context.
    Login ER client pool login. It must be the same login as the ER connector login.
    Password ER client pool password. It must be the same password as the ER connector password.
    Security mode Select the same security mode that you applied to the connector (see Configure the Connector Security Parameters):
    Ldap users Uses LDAP users. Passwords are not taken into account in this case, as ENOVIA does not know the user passwords. If this option is not selected, LDAP users who try to connect will get error messages.
    Space prefix For project-based security only, specify the same prefix that you defined for the connector.

  4. As administrator or super-user, you can test user authentication on the ENOVIA server.
    1. In Test user authentication, click Test.
    2. Enter a user login and password (do not use the admin account credentials), and then click Test.
      If successful, the user ID, display name, and list of security tokens displays. If not, verify the parameters and contact your system administrator.

Define a Specific Aggregation Processor for Security V2

To use the Security V2 mode, install an aggregation processor to manage ACLs.

  1. Go to Index > Consolidation.
  2. Add an aggregation processor:
    1. Select Java as format.
    2. For Name, enter the name of your choice.
    3. For processor, select Plugin enovia-er-connector-plugin-v6 > ACLs Security Aggregator.
    4. Click Accept.
  3. Choose the security level to apply on ACLs.

    You can choose to keep all positive ACLs (default option with all yes level authorized check boxes selected), or select more precisely to keep Yes level, Maybe yes level, or Maybe yes local level.