Can I limit which users can access collections in Content Analytics?

Technote (FAQ)


Question

I have Content Analytics (ICA) deployed to WebSphere (WAS) instead of using the embedded application server. Can I limit which users can access collections within the search application?

Answer

You must first associate application IDs to the collections they should access. See the Related information section below for instructions.

Next, follow these detailed instructions:

  1. Add role names for App ID to web.xml
    1. Backup and extract an application ear file (e.g. if the application is search application, it will be $ES_NODE_ROOT/bin/search.ear. Content Miner will be $ES_NODE_ROOT/bin/analytics.ear) as a zip file
    2. Extract search.war as a zip file
    3. Add roles corresponding to all created App ID entries to search/web.xml. A role name needs to be APPID_ROLE__{AppID} with a created App ID
      1. For example, if administrator created an App ID "AppCol1" the role name will be "APPID_ROLE__AppCol1". This can be checked in file $ES_NODE_ROOT/master_config/searchapp/appid_mapping.xml.
      2. At the bottom of web.xml in the extracted application folder (e.g. search.ear/search.war/search/WEB-INF/web.xml), there are several <security-role> entries.
      3. Add the role names and save the file like the following.
        <security-role>
        <role-name>APPID_ROLE__AppCol1</role-name>
        </security-role>
        <security-role>
        <role-name>APPID_ROLE__AppCol2</role-name>
        </security-role>
    4. Compress all files under search folder with all file selection and rename it as search.war
    5. Compress META-INF and search.war with selection and rename it as search.ear. Note that the compressed folder structure must be same as the original ear file.
  2. Update the application via WAS Admin console
    1. Access the WAS Admin console
    2. Select the application and click "Update" in Applications->Application Types->WebSphere enterprise applications
    3. Specify the new ear file with the option "Replace the entire application"
    4. Click next and finish
    5. After the configuration is saved, you can confirm the roles are successfully added by clicking the link "View Deployment Descriptor" in the deployed application menu (Applications->Application Types-> WebSphere enterprise applications)
  3. Map users to a specific App ID
    1. Click the link "Security role to user/group mapping" in the deployed application menu (in Applications->Application Types->WebSphere enterprise applications)
    2. Select roles including "REGISTERED_USER" and a newly added AppID role such as "APPID_ROLE__AppCol1" and other roles as needed.
    3. The user getting mapped must also have the "AllAuthenticated" role.
    4. Click the menu "Map users..."
    5. Select users to be mapped and click OK and save
    6. Logged in to the search application as the mapped user
  4. Restart ICA with "esadmin system stopall" and "esadmin system startall"

Related information

Associating applications with collections

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Content Analytics with Enterprise Search

Software version:

3.0

Operating system(s):

AIX, Linux, Linux on System z, Windows

Reference #:

1626364

Modified date:

2013-03-01

Translate my page

Machine Translation

Content navigation