iWay Enterprise Index (iEI) uses the iWay Service Manager Authorization System, which provides for both authorization of access to information and the rendering of that information as appropriate to the requestor. Security is aggregated across iSMs such that the "owner" of a record is responsible for its authorization. Specifically, if messages are processed in more than one Service Manager, the server that processed the message and holds it in its Audit Manager also authorizes access to the message.

iWay expects that users will need to interface with their own security systems in ways that cannot be predicted in a product. For this reason, iEI supports user security exits. For more information, see the iWay Service Manager Programmer's Guide.

iWay provides two sample exits: a null exit that authorizes all requests and directly renders the message, and a user/group membership exit that implements security at the user level and rendering at the group level. iWay does not expect that either of these exits will completely satisfy a user's security needs.

The access control file used by the Base Authorization Driver for iEI associates individual users with groups and grants groups permission to view documents from the Message Repository. Groups may have permission to see documents either in their original format or after a transformation has been applied. An XML schema describing the security database is available in Sample Schema and XML Instance Files.

Important: The sample security and rendering system described is meant to show the capabilities of the iWay Enterprise Index package as distributed. As described here, they provide minimal security and flexibility. iWay strongly recommends that you create your own security and rendering system. For more information, see the iWay Service Manager Programmer's Guide.

The full exit, named iEI Full Authorization, simply authorizes any requests, and causes rendering of messages to return the actual message. In effect, it provides no security.

The only parameter is the name of the Audit Manager that is being managed.

Important: The sample security and rendering system described in iWay Enterprise Index Basic Authentication is meant to show the capabilities of the iWay Enterprise Index package as distributed. They provide minimal security and flexibility. iWay strongly recommends that you create your own security and rendering system.