About Security Source Development

Security sources manage security information for users or groups of users.

See Also
Implementing a Security Source Plugin

The main goals of security sources are to:

  • authenticate a user (using their password) and return their security identifiers, called tokens,

  • list security tokens associated with a given user or group.

When a connector produces a document, the document's security metadata carries the list of tokens that grant access to the indexed document.

Negative tokens can also be used to refuse access. In that case, negative rules always take priority: if a positive token gives access to a document and a negative one denies it, access is denied.

By default, all security tokens are indexed in the product, to enable security features per document.

Users also have a set of similar tokens associated with their authenticated accounts. These tokens are usually based on their access rights or group ownership.

An authenticated user can find a document only if their set of security tokens contains at least one allowed token and no negative token.

Connectors and security sources work together: the tokens produced by the former are compared with those returned by the latter to narrow the scope of search results.

For example:

A filesystem source connector produces the following tokens (the security metadata will contain these values):

  • unix:user:10028

  • unix:group:100

Any authenticated user whose tokens contain either unix:user:10028 or unix:group:100 will therefore have access to the document.
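
The matching rule described above (at least one allowed token, and negative tokens always win) can be sketched as follows. This is an added example, not the product's code: the Document structure, the separate allow/deny sets, the function names and every sample value other than unix:user:10028 and unix:group:100 are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    # Hypothetical shape: the page does not say how security metadata is stored.
    uri: str
    allow: frozenset = frozenset()  # positive tokens pushed by the connector
    deny: frozenset = frozenset()   # negative tokens pushed by the connector


def can_access(user_tokens, doc):
    """Return True only if the user holds an allowed token and no denied one."""
    user_tokens = frozenset(user_tokens)
    # Negative rules take priority: one matching deny token refuses access,
    # whatever positive tokens also match.
    if user_tokens & doc.deny:
        return False
    # A document with no matching allowed token is never returned.
    return bool(user_tokens & doc.allow)


def filter_results(user_tokens, docs):
    """Reduce a result list to the documents this user is allowed to find."""
    return [d.uri for d in docs if can_access(user_tokens, d)]


# Constructed sample data (paths and user names are made up).
DOCS = [
    Document("file:///srv/report.txt",
             allow=frozenset({"unix:user:10028", "unix:group:100"})),
    Document("file:///srv/payroll.txt",
             allow=frozenset({"unix:group:100"}),
             deny=frozenset({"unix:user:10028"})),
    Document("file:///srv/untagged.txt"),  # no tokens at all
]

# Tokens a security source would return for each authenticated user (constructed).
USERS = {
    "alice": {"unix:user:10028", "unix:group:100"},
    "bob": {"unix:user:10031", "unix:group:100"},
    "carol": {"unix:user:10040", "unix:group:200"},
}

if __name__ == "__main__":
    for name, tokens in USERS.items():
        print(name, filter_results(tokens, DOCS))
```

Here alice is in unix:group:100 but is still refused payroll.txt because the negative token for unix:user:10028 overrides the group grant, and the untagged document is returned to nobody.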