Mapped Security Architecture
The mapped security architecture includes the following components:
- The Salesforce repository.
- IDOL Salesforce Connector.
- IDOL OmniGroupServer.
- IDOL Content component.
- A front-end application.
Items in Salesforce have associated permissions that specify the users and groups who are permitted, and who are not permitted, to view them. The Salesforce Native Connector retrieves the items from Salesforce and generates documents that can be indexed into the IDOL Content component text index. To each document the connector adds an Access Control List (ACL) which contains the security information. Each time the connector synchronizes with the repository, it updates the ACLs for any documents where the associated permissions have changed.
IDOL Content needs the ACL to determine whether a user can view a document that is returned as a result to a query. However, IDOL must also consider the groups that the user belongs to. A user might not be permitted to view a document, but they could be a member of a group that has permission. This means that IDOL requires the user and group information associated with the files.
The connector can extract user and group information from the Salesforce repository.
- In the ACI connector, this functionality is available through the SynchronizeGroups action. Based on a schedule, OmniGroupServer sends a request to the connector to run this action, and the connector returns the information.
- In IDOL NiFi Ingest, there is a GetSalesforceGroups processor. This extracts user and group information. In your dataflow, use a PutOGS processor to send the data to your OmniGroupServer.
OmniGroupServer stores the user and group information so that the IDOL Community component can query it. When a user logs on to a front-end application, the application requests the user’s security information and group memberships from IDOL Community. Community returns a token containing the information. The front-end application includes this token in all queries the user sends to IDOL Content. When a user submits a query, IDOL Content sends only the documents that the user is permitted to view to the front-end application.
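The following is an added illustration of the filtering step described above; it is not IDOL code and does not use IDOL's actual ACL field format. It models a document ACL as simplified allow and deny lists (the `U`/`G`/`NU`/`NG` tags and the deny-wins rule are this example's own assumptions), resolves a user's nested group memberships as OmniGroupServer would hold them, and keeps only the results the user may see.

```python
"""Simplified model of mapped-security result filtering (constructed example, not IDOL's format)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Acl:
    """Allow/deny lists attached to one indexed document (simplified model)."""
    allow_users: frozenset = frozenset()
    allow_groups: frozenset = frozenset()
    deny_users: frozenset = frozenset()
    deny_groups: frozenset = frozenset()


def parse_acl(text: str) -> Acl:
    """Parse 'U:a,b;G:x;NU:c;NG:y' into an Acl. The section tags are this example's own convention."""
    parts = {}
    for section in text.split(";"):
        if not section:
            continue
        tag, _, names = section.partition(":")
        parts[tag] = frozenset(n for n in names.split(",") if n)
    return Acl(parts.get("U", frozenset()), parts.get("G", frozenset()),
               parts.get("NU", frozenset()), parts.get("NG", frozenset()))


def expand_groups(user: str, membership: dict) -> set:
    """Resolve direct and nested group memberships (the data OmniGroupServer stores)."""
    seen, stack = set(), list(membership.get(user, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(membership.get(group, ()))
    return seen


def can_view(user: str, groups: set, acl: Acl) -> bool:
    """Assumed rule: an explicit deny on the user or any group wins; otherwise user or group must be allowed."""
    if user in acl.deny_users or groups & acl.deny_groups:
        return False
    return user in acl.allow_users or bool(groups & acl.allow_groups)


def filter_results(user: str, membership: dict, results: list) -> list:
    """Return only the document references the user is permitted to view (what Content sends to the front end)."""
    groups = expand_groups(user, membership)
    return [ref for ref, acl_text in results if can_view(user, groups, parse_acl(acl_text))]


# Constructed sample data: user -> groups and group -> parent groups, plus indexed documents with ACLs.
MEMBERSHIP = {"alice": ["sales"], "bob": ["contractors"], "sales": ["staff"]}
RESULTS = [
    ("case-1", "U:alice;G:;NU:;NG:"),                           # alice allowed directly
    ("case-2", "U:;G:staff;NU:;NG:"),                           # alice allowed via nested group sales -> staff
    ("case-3", "U:;G:staff,contractors;NU:;NG:contractors"),    # bob's group is denied, alice's is allowed
    ("case-4", "U:bob;G:;NU:;NG:"),                             # only bob
]

if __name__ == "__main__":
    print(filter_results("alice", MEMBERSHIP, RESULTS))  # ['case-1', 'case-2', 'case-3']
    print(filter_results("bob", MEMBERSHIP, RESULTS))    # ['case-4']
```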