Specific people access to application using IDOL, OmniGroup and SharePoint connector in backend

Hi Team,

How does document-level security need to be given to specific people by making changes to SharePoint, IDOL, and OmniGroupServer, to provide access to 10 people only for a given source and restrict access for others? We are using IDOL version 12, the SharePoint connector, and OmniGroup in our systems.

We saw "Retrieve Access Control Lists and Identify the Security Type" in the IDOL 12.0 documentation, which belongs to the SharePoint connector configuration.

[FetchTasks]
MappedSecurity=True

[Ingestion]
IngestActions=META:SecurityType=LDAP

The above parameters apply globally, but we require this for only 10 users.

1) Do we need to configure the OmniGroup server, IDOL, and the Connector for this requirement?

2) If yes, what changes do we need to make in the configuration files?

  • For the intended users, do they actually have different rights to files in the SharePoint repository, and if so, do you need these to be reflected in the search results? Document Security, as the name implies, exists to enforce access controls at the document level. If this is a requirement, then yes, you would need to configure IDOL itself, the Connector(s), and OGS in order to extract ACLs from the repository, enforce restrictions during search, and deal with group-level permissions.

    If you don't require document-level restrictions, and are just looking to provide uniform access to search data for a specific set of users, then you may want to look into the User Security functionality within IDOL, and in particular, the Community component. You can use this to restrict user access to specific IDOL databases using roles/permissions that you would configure within IDOL itself. See https://www.microfocus.com/documentation/idol/IDOL_12_6/IDOLServer_12.6_Documentation/Guides/html/documentsecurity/#IAS/Appendixes/Restrict_Database_Access.htm for more details on this.


  • Yes, we do not require document-level restrictions, and are just looking to provide uniform access to search for a specific set of users for a specific database alone.

    Actually, all users are already provided with globalpass user authentication for the internal application.

    We just want to restrict the usage to 7 users alone to a specific IDOL database.

    If yes, which parameters need to be modified to accomplish this?

  • Does your internal application currently pass the user information to IDOL at all? The link above has two options for restricting user access to databases, but both of them will rely on having user information stored in Community, and having the application interact with this component prior to performing a search, then modifying the search query accordingly.

    The first option, having IDOL itself enforce user restrictions at the database level, would require having the users and roles set up within Community, populating the documents with a generic ACL, and having your application retrieve a SecurityInfo string from Community that you would then send with queries to IDOL.

    The second option mentioned in the link also involves setting up the users and roles in Community, but having your application simply apply that as a DatabaseMatch parameter in queries to IDOL. This is less secure, but quite a bit easier.

    The second option is not significantly different from simply having your application apply DatabaseMatch according to application logic that doesn't require additional communication with IDOL.
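The application-side DatabaseMatch approach from the last reply, as an added example that is not part of the original thread or of IDOL's own code. The user names, database names and helper functions are hypothetical; only the Query action and the Text and DatabaseMatch parameters come from IDOL. Because IDOL does not enforce anything in this approach, the sketch shows the part the application has to get right: DatabaseMatch is always computed server-side and never taken from the client.

```python
# Assumptions (constructed for this example): database names and user names.
OPEN_DATABASES = {"General"}
RESTRICTED_DATABASES = {
    "RestrictedSource": {"alice", "bob"},  # the short allowlist of permitted users
}

# Query parameters the client must never control (compared case-insensitively).
SERVER_CONTROLLED = {"action", "text", "databasematch", "securityinfo"}


def allowed_databases(user):
    """Databases the authenticated user may search."""
    allowed = set(OPEN_DATABASES)
    for database, members in RESTRICTED_DATABASES.items():
        if user in members:
            allowed.add(database)
    return allowed


def build_query_params(user, text, requested=None, client_params=None):
    """Build the parameters for an IDOL Query action.

    `user` must come from the authenticated session, never from the request.
    `requested` lets a user narrow the search; it can never widen it.
    """
    allowed = allowed_databases(user)
    chosen = allowed & set(requested) if requested else allowed
    if not chosen:
        raise PermissionError(f"{user!r} may not search the requested databases")

    # Pass through harmless client options, drop anything security-relevant.
    params = {
        key: value
        for key, value in (client_params or {}).items()
        if key.lower() not in SERVER_CONTROLLED
    }
    params.update({
        "action": "Query",
        "Text": text,
        "DatabaseMatch": ",".join(sorted(chosen)),
    })
    return params


if __name__ == "__main__":
    print(build_query_params("alice", "quarterly report"))
    print(build_query_params("mallory", "quarterly report",
                             client_params={"databasematch": "RestrictedSource"}))
```

Any other route to the IDOL query port bypasses this check, so the port should be reachable only from the application.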