B.6 Security Customization Samples

This section contains samples of security model customization.

B.6.1 Content Security Samples

This section contains samples of content security customization:

B.6.1.1 Simple Idoc Script Function

This sample allows Read access if the user Color custom field and the content Color custom field match.

<$if strEquals(uColor, xColor)$><$isNTKReadAccess=1$><$endif$>

B.6.1.2 Using stdSecurityCheck

This sample allows Read access if the user Color is Blue and the user has standard security to the content.

<$if stdSecurityCheck() and strEquals(uColor, "Blue")$><$isNTKReadAccess=1$><$endif$>

B.6.1.3 Using isStrIntersect

This sample returns true because 3 is a member of the first string.

<$if isStrIntersect("1,2,3,4", "5,3")$><$isNTKReadAccess=1$><$endif$>

This sample returns false because neither 5 or 6 is a member of the first string.

<$if isStrIntersect("1,2,3,4", "5,6")$><$isNTKReadAccess=1$><$endif$>

This sample returns false because the second string is empty and the third parameter is not specified.

<$if isStrIntersect("1,2,3,4", "")$><$isNTKReadAccess=1$><$endif$>

This sample returns true because the second string is empty and the third parameter is true.

<$if isStrIntersect("1,2,3,4", "", 1)$><$isNTKReadAccess=1$><$endif$>

This sample returns false because the second string is empty and the third parameter is false. Note that the third parameter can be a string (for example, "True" or "T") or a number (for example, 1, 0).

<$if isStrIntersect("1,2,3,4", "", 0)$><$isNTKReadAccess=1$><$endif$>

B.6.1.4 Using allStrIntersect

This sample returns false because 5 is not a member of the first string.

<$if allStrIntersect("1,2,3,4", "5,3")$><$isNTKReadAccess=1$><$endif$>

This sample returns true because 3 and 4 are members of the first string.

<$if allStrIntersect("1,2,3,4", "3,4")$><$isNTKReadAccess=1$><$endif$>

The samples in Using isStrIntersect (page 4-2) that use the third parameter would work the same with allStrIntersect.

B.6.1.5 Using includeNTKReadSecurityScript

Read script:

<$if strEquals(dDocType, "Document")$><$isNTKReadAccess=1$><$endif$>

Write script:

<$includeNTKReadSecurityScript()$><$if isNTKReadAccess and strEquals(uColor, "Red")$><$isNTKWriteAccess=1$><$endif$>

The user has Write access to the content item if they have read access (type is Document) and the user's Color is Red.

B.6.2 Search Result Samples

This section contains samples of search results customization:

B.6.2.1 Disabling Links

This sample disables the URL and Content Information link if the user does not have Read access to the content item. This could be used if you set the query role to show extra content items in the search results, but don't want users to see links to them.

<$if not securityCheck()$><$docInfo:enabled=0$><$url:enabled=0$><$endif$>

B.6.2.2 Changing Links

This sample alters the Content Information and URL link to another service if the Color of the content is Red.

<$if strEquals(xColor, "Red")$><$docInfo:link=HttpCgiPath & "?IdcService=GET_USER_INFO"$><$url:link="javascript:alert('Cannot view content.')"$><$endif$>

B.6.2.3 Changing Images

This sample alters the Content Information link if the Color of the content item is Green.

<$if strEquals(xColor, "Green")$><$docInfo:image_small=HttpImagesRoot & "stellent/tree_icons/historical.gif"$><$endif$>

B.6.3 Hit List Roles Samples

This section contains samples of hit list roles customization:

B.6.3.1 Using the Query Hit List Role

If you set the Query role to be queryRole, and queryRole has Write access to the security group NTKGroup, then NTKGroup will appear in the security group option list. You could then limit what content information appears by customizing the Search Results configuration values

B.6.3.2 Creating a Black Hole Check In

By using the Update role, you could create a scenario where a user could check in a content item and then not be able to view or edit it. You would need to do the following:

  1. Create a role called updateRole that has Read/Write access to the security group NTKGroup.

  2. Update the Write content security script so that if a meta change is occurring and the security group is NTKGroup, allow access.

<$if isMetaChange and strEquals(dSecurityGroup, "NTKGroup")$><$isNTKWriteAccess=1$><$endif$>