Tell Me

Providing Document Access Control

previous|next

Bill specifies to Timothy that some security needs to be imposed in the crawler plug-in design—he needs access control enabled.

Timothy feels that if content needs to be protected on a per document basis, this adds to the complexity of the plug-in design.

Oracle SES is now directly integrated with access control and identity
management solutions. No synchronization with Oracle Internet Directory is necessary for Oracle SES to ensure access control. The plug-in is responsible for translating the document access control information into Access Control List (ACL) using the OID principal.

When each document is passed back to SES, the crawler is responsible for creating an Access Control List (ACL). This is a list of all the users and/or groups who should have read access to that document. This will be stored by SES in the index, and used to establish which documents may be retrieved by any particular user as part of the search. A critical part of the design process is to figure out how this information is to be obtained.

Timothy decides not to provide per document access control for the Genie crawler plug-in.