Methods for adding acls to the index, Crawling per-url acls – Google Search Appliance Managing Search for Controlled-Access Content User Manual
Page 42

Google Search Appliance: Managing Search for Controlled-Access Content
42
Methods for Adding ACLs to the Index
The search appliance supports different methods for adding per-URL ACLs and policy ACLs to the index.
The following table lists these methods and provides references to documentation for each method.
Crawling Per-URL ACLs
At crawl time, the search appliance can accept per-URL ACLs, along with documents, through the X-GSA-
External-Metadata HTTP response header. To include a per-URL ACL, specify the names of the groups
or users that have access.
Note: Crawled content with per-URL ACLs will serve only for the “Default” credential group configured in
Universal Login Auth Mechanisms but not for other credential groups.
To use this method of indexing per-URL ACLs, the web service that stores the content needs to be
designed to generate the optional X-GSA-External-Metadata HTTP header. The header includes a comma
separated list of encoded values in the following format:
X-GSA-External-Metadata: value_1, value_2,...
Where each value has the form meta-name=meta-value.
To specify a group, replace meta-name with google:aclgroups and meta-value with a single group
name. For example, to specify engineering (“eng”) as the group that has access to the URL, use
google:aclgroups=eng.
To specify a user, replace meta-name with google:aclusers and meta-value with a single user name.
For example, to specify Maria as the user that has access to the URL, use google:aclusers=Maria.
ACL Type
Method
Comments
Described In
Per-URL ACL
Feed
Use a feed to push per-URL
ACLs to the search appliance.
“Per-URL ACLs and
ACL Inheritance” in
Feeds Protocol
Developer’s Guide
Connector
Use a connector to push per-
URL ACLs to the search
appliance (uses feeds).
Crawl document header
At crawl time, add per-URL
ACLs, along with documents,
through the X-GSA-External-
Metadata HTTP response
header.
“Crawling Per-URL
ACLs” on page 42
Specify in metadata
(deprecated)
Define per-URL ACL can be
defined in external metadata or
metadata in the document
itself.
“Legacy Metadata
Format
(Deprecated)” in
Feeds Protocol
Developer’s Guide
Policy ACL
Serving > Policy ACLs page
in the Admin Console
Specify rules or import a text
file that contains policy ACL
rules.
“Policy ACLs” on
page 43 and Help
Center > Serving >
Policy ACLs
Google Search Appliance
Policy ACL API.
Programmatically add policy
ACL rules.
Policy ACL API
Developer’s Guide