Enabling a Query-Based Security Provider for the Database Connector
To expand external groups and users using a security provider
- In the source XML mapping file, define <AllowedUser> entries with the following properties:
  - Type (mandatory): ExternalGroup or ExternalUser.
  - Name (mandatory): The name of the external group or user.
    - Supports multiple semicolon (;) separated names.
    - Supports the %[column] syntax to use values returned by the Accessor query.
  - Server/ExpandGroup (mandatory with the ExternalGroup type): SQL query used by the security provider to expand external groups to external users.
  - Server/ExpandUser: SQL query used by the security provider to map external users to Active Directory users.

  <AllowedUsers>
    <AllowedUser type="ExternalGroup" allowed="true">
      <Name>%[column_allowed_groups]</Name>
      <Server>
        <ExpandGroup>
          select distinct column_user from membership where column_group = '@GroupName'
        </ExpandGroup>
        <ExpandUser>
          select distinct column_user_nt from nt_account where column_user = '@UserName'
        </ExpandUser>
      </Server>
    </AllowedUser>
  </AllowedUsers>
- Create a security provider for your database source (see Configuring a Database Security Provider).
  Match the values for the Security provider and Source parameters listed in the following table.

  | Security provider parameter | Source parameter |
  | --- | --- |
  | Driver Type | Driver Type |
  | Database Connection String | Addresses |

- Associate this new security provider to your database source by selecting it in the Security Provider drop-down list (see Configuring and Indexing a Database Source).
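
A dry run of the ExpandGroup and ExpandUser queries from the mapping file, as an added example that is not part of the product documentation: it resolves a semicolon-separated Name value to Active Directory accounts and reports groups that expand to nobody and users with no nt_account row, so permission gaps show up before indexing. The in-memory SQLite database, the sample rows, the helper names and the binding of @GroupName/@UserName as parameters are all assumptions made for this check.

```python
import sqlite3

# Queries copied from the mapping file above. For this dry run the quoted
# '@GroupName' / '@UserName' tokens are bound as parameters (an assumption:
# the page does not say how the connector substitutes them).
EXPAND_GROUP = "select distinct column_user from membership where column_group = '@GroupName'"
EXPAND_USER = "select distinct column_user_nt from nt_account where column_user = '@UserName'"


def build_sample_db():
    """Constructed sample data, not taken from a real system."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table membership (column_group text, column_user text);
        create table nt_account (column_user text, column_user_nt text);
        insert into membership values
            ('finance', 'alice'), ('finance', 'bob'), ('finance', 'alice'),
            ('hr', 'carol'), ('hr', 'dave');
        insert into nt_account values
            ('alice', 'EXAMPLE\\alice'), ('bob', 'EXAMPLE\\bob'),
            ('carol', 'EXAMPLE\\carol');
    """)
    return db


def run(db, query, placeholder, value):
    """Run one expansion query with the placeholder bound to value."""
    sql = query.replace("'" + placeholder + "'", "?")
    return sorted(row[0] for row in db.execute(sql, (value,)))


def expand(db, name_field):
    """Return (ad_users, empty_groups, unmapped_users) for a <Name> value."""
    ad_users, empty_groups, unmapped = set(), [], []
    for group in filter(None, (g.strip() for g in name_field.split(";"))):
        members = run(db, EXPAND_GROUP, "@GroupName", group)
        if not members:
            empty_groups.append(group)   # group grants access to no one
        for user in members:
            accounts = run(db, EXPAND_USER, "@UserName", user)
            if accounts:
                ad_users.update(accounts)
            else:
                unmapped.append(user)    # external user with no AD account
    return sorted(ad_users), empty_groups, unmapped


if __name__ == "__main__":
    print(expand(build_sample_db(), "finance;hr;legal"))
```

Pointing the same two functions at a read-only connection to the real database gives the list of groups and users to review before the source is indexed.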