Confirming the Need for Query Filter Plug-in

Timothy is now well convinced about when to create an Identity plug-in. But, with the scenario 3 that Philip explained in the previous section, Timothy finds one complication. He wants to know what could be done when the list of users is the same, but Genie has a concept of groups (or roles) which differs from those in OID.

Philips has a ready solution for this. He suggests Timothy to use an authorization Query Filter (QF) plug-in.

The QF plug-in would be responsible for checking which groups the current logged-on user is a member of. Therefore, at indexing time, a list of Genie groups in the Access Control List for the document can be stored. Then, at query time, SES would ask the QF plug-in which groups the user is a member of, such as “SALES”, “MARKETING” and “AMERICAS”. The query would then be run with a search condition attached which said the equivalent of “ALLOWED_USER=username OR ALLOWED_GROUPS IN (“SALES”, “MARKETING”, “AMERICAS”)”