Authorization Module

If the authorization requirements of user-defined sources do not fit the user/group model, authorization plug-ins can be used to provide a more flexible security model. Here, authorization is based on security attributes similar to document attributes and the authentication will be handled by an identity plug-in. This is referred to as a user-defined security model.

With an authorization plug-in, a crawler plug-in can add security attributes similar to document attributes. The values for the security attributes will be indexed in FIELD sections. The authorization plug-in is also invoked at login time to build security filters that will be automatically appended to the query string. The security filters will be applied against the values of the security attributes for each document; only documents whose security attributes’ values match the security filter will be returned to the user. This is similar to the way OID is handled using the attributes EQGRANT and EQDENY, the only difference being that authorization plug-in is open for the admin/data source implementers.