security.earlybinding.user-to-key-mapper
Background
This setting is used with document level security. It indicates the name of a security plugin which should be used at query time to map a given username into a list of keys which the user can use to unlock documents (usually group or permission names). Possible values are:
-
MasterKey
: Special plugin for testing purposes: It will always pass a generic master key that will grant access to every document. Do not use in production!. -
Meta
: For Meta collections with sub-collection using document level security. This plugin will delegate the key mapping to the plugin of each sub-collection. -
Trim
: Deprecated. -
Trim2
: (For TRIMPush data sources) This plugin will connect to the TRIM repository and collect the security credentials of the user (Level, Caveats, ACLs, special bypasses) in a format compatible with TRIMPush collections. -
Groovy
: This plugin will call a Groovy class to retrieve the user keys. See security.earlybinding.user-to-key-mapper.groovy-class (collection.cfg) for more details. -
Portal
: This plugin will retrieve the user keys from an URL parameter nameduserkeys
(e.g. http://server/s/search?collection=…&userkeys=key1,key2). Note that this approach is not secure unless Funnelback can be accessed only through a portal, so that users cannot change the value of theuserkeys
parameter. -
ManifoldCF
: To be used with ManifoldCF enterprise connectors. -
ManifoldCFDebug
: A insecure plugin for debugging only. -
Sitecore
To be used with the Sitecore CMS.security.earlybinding.user-to-key-mapper.sitecore.service_url
must be set to the Sitecore webservice endpoint URL used to retrieve the user roles.
Setting the key
Set this configuration key in the search package or data source configuration.
Use the configuration key editor to add or edit the security.earlybinding.user-to-key-mapper
key, and set the value. This can be set to any valid UserToKeyMapperTypes
allowed values: MasterKey
, Meta
, Trim
, Trim2
, Groovy
, Portal
, ManifoldCF
, ManifoldCFDebug
, Sitecore
or Moodle
value.