beautypg.com

Google Search Appliance Feeds Protocol Developers Guide User Manual

Page 16

background image

Google Search Appliance: Feeds Protocol Developer’s Guide

16

principal

Element

To specify the principal, its name, and access to a document use the principal element. The
principal element is a child of the acl element. The following code shows examples of the principal
element:

case-sensitivity-type="everything-case-insensitive"
scope="user" access="permit">yourdomain\username

case-sensitivity-type="everything-case-insensitive"
scope="group" access="permit">yourdomain\groupname

A principal element can have the following attributes:

scope

access

namespace

case-sensitivity-type

principal-type

scope

Attribute

The scope attribute specifies the type of the principal. Valid values are:

user

group

The scope attribute is required.

access

Attribute

The access attribute specifies the principal’s permission to access the document. Valid values are:

permit

deny

The access attribute is required.

namespace

Attribute

By keeping ACLs in separate namespaces, the search appliance is able to ensure that access to secure
documents is maintained unambiguously. Namespaces are crucial to security when a search user has
multiple identities and the permissions for documents are composed of ACLs from separate content
sources. The namespace attribute specifies the global namespace for the user or group. The global
namespace corresponds to the credential group for a content source. For detailed information about
credential groups, see “Universal Login” in Managing Search for Controlled-Access Content.

case-sensitivity-type

Attribute

The case-sensitivity-type attribute specifies whether or not the principal’s name is case sensitive.
At serve time, the search appliance compares the principal’s name as entered on the Universal Login
form with the one stored in the index. For example, suppose the name in the index is “ALEX” and the
name on the form is “Alex.” If the name is case sensitive, access to the document is denied. Valid values
are:

everything-case-sensitive

everything-case-insensitive

See also other documents in the category Google Software: