beautypg.com

Methods for adding acls to the index, Crawling per-url acls – Google Search Appliance Managing Search for Controlled-Access Content User Manual

Page 42

background image

Google Search Appliance: Managing Search for Controlled-Access Content

42

Methods for Adding ACLs to the Index

The search appliance supports different methods for adding per-URL ACLs and policy ACLs to the index.
The following table lists these methods and provides references to documentation for each method.

Crawling Per-URL ACLs

At crawl time, the search appliance can accept per-URL ACLs, along with documents, through the X-GSA-
External-Metadata HTTP response header. To include a per-URL ACL, specify the names of the groups
or users that have access.

Note: Crawled content with per-URL ACLs will serve only for the “Default” credential group configured in
Universal Login Auth Mechanisms but not for other credential groups.

To use this method of indexing per-URL ACLs, the web service that stores the content needs to be
designed to generate the optional X-GSA-External-Metadata HTTP header. The header includes a comma
separated list of encoded values in the following format:

X-GSA-External-Metadata: value_1, value_2,...

Where each value has the form meta-name=meta-value.

To specify a group, replace meta-name with google:aclgroups and meta-value with a single group
name. For example, to specify engineering (“eng”) as the group that has access to the URL, use
google:aclgroups=eng.

To specify a user, replace meta-name with google:aclusers and meta-value with a single user name.
For example, to specify Maria as the user that has access to the URL, use google:aclusers=Maria.

ACL Type

Method

Comments

Described In

Per-URL ACL

Feed

Use a feed to push per-URL
ACLs to the search appliance.

“Per-URL ACLs and
ACL Inheritance” in
Feeds Protocol
Developer’s Guide

Connector

Use a connector to push per-
URL ACLs to the search
appliance (uses feeds).

Crawl document header

At crawl time, add per-URL
ACLs, along with documents,
through the X-GSA-External-
Metadata HTTP response
header.

“Crawling Per-URL
ACLs” on page 42

Specify in metadata
(deprecated)

Define per-URL ACL can be
defined in external metadata or
metadata in the document
itself.

“Legacy Metadata
Format
(Deprecated)” in
Feeds Protocol
Developer’s Guide

Policy ACL

Serving > Policy ACLs page
in the Admin Console

Specify rules or import a text
file that contains policy ACL
rules.

“Policy ACLs” on
page 43
and Help
Center > Serving >
Policy ACLs

Google Search Appliance
Policy ACL API.

Programmatically add policy
ACL rules.

Policy ACL API
Developer’s Guide