Product DocsMenu

Coveo Platform 6.5 >
Administrator Help > Connectors > Database Connector > Enabling a Query-Based Security Provider

Enabling a Query-Based Security Provider for the Database Connector

You can expand external groups and users using a security provider when the database contains information allowing groups to be expanded to external users and/or external users to be mapped to Active Directory users.

To expand external groups and users using a security provider

  1. In the source XML mapping file, define <AllowedUser> entries with the following properties:

    • Type (mandatory): ExternalGroup or ExternalUser.

    • Name (mandatory): The name of the external group or user.
      • Supports multiple comma (,) separated names.

      • Supports the %[column] syntax to use values returned by the Accessor query.

    • Server/ExpandGroup (mandatory with the ExternalGroup type): SQL query used by the security provider to expand external groups to external users.

    • Server/ExpandUser: SQL query used by the security provider to map external users to Active Directory users.

      <AllowedUsers>;
        <AllowedUser type="ExternalGroup" allowed="true">
          <Name>%[column_allowed_groups]</Name>
          <Server>
            <ExpandGroup>
      	    select distinct column_user from membership where column_group = '@GroupName'
            </ExpandGroup>
            <ExpandUser>
      	    select distinct column_user_nt from nt_account where column_user = '@UserName'
            </ExpandUser>
          </Server>
        </AllowedUser>
      </AllowedUsers>
  2. Create a security provider for your database (see How to Add and Modify Security Providers) using the values indicated in the following table.

    Security provider parameter Value
    DLL Path Coveo.CES.CustomCrawlersSecurityProvider.dll
    User Identity (none)
    Parameters

    Enter a string similar to the one in the following example where you edit the DriverType and ConnectionString parameter values to match that set respectively in the Driver Type and Addresses parameters for your Database source.

    Example: AssemblyPath="D:\Program Files\Coveo Enterprise Search 6\Bin\Coveo.CES.CustomCrawlers.ODBC.dll"; DriverType="SqlClient"; ConnectionString="Data Source=MyDBServer;Initial Catalog=FTPServU;User Id=sa;Password=MyPassword"

  3. Associate this new security provider to your database source by selecting Use a security provider option and selecting the new security provider in the Security Provider drop-down list (see Modifying Source Security Permissions).