Federation Services content views offer a number of security layers. Using the JavaScript processor, permissions can be added to each document; these can restrict widget usage and the ability to search for the document.
Repository Document ACLs
Each document, whether it has source permissions or not, will have an Allow and a Deny ACL (Access Control List). Both exist as a list of strings (String []) on the document and can be accessed through JavaScript. To apply document-level permissions, each permission must take the form
action=principal1,principal2,principal3
Where action can be Search or the id of a Widget Definition. The principals are Federation Services user logins or User Group names.
LIMITATIONS: Only the Search permission is checked at the API level. This means that a user can still access documents directly through the Content Services API. These permissions simply alter content views to prevent users from performing these actions via Widgets.
{ "allow": true, "action": "Search", "principals": [ "everyone" ] }
Here is an example of some JavaScript that will prevent users in group1 from downloading documents through Discovery. It will also stop user1 from searching for the document.
// Deny group1 the DownloadWidget action and deny user1 the Search action.
var deny = ['DownloadWidget=group1', 'Search=user1'];
rd.setDenyAcl(deny);
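The following is an added example, not code from the Federation Services documentation: it builds action=principal1,principal2 entries from rule objects shaped like the JSON above, rejects values that would corrupt an entry, and lists the deny entries that the limitation above says are not enforced at the API level. The helper names (buildAclEntry, buildAcls), the sample rules, and the reading of "allow": false as a Deny entry are assumptions.

```javascript
// Added example (not product code). Per the limitation above, only "Search" is
// checked at the API level; any other action is a widget id enforced in content views only.
var API_ENFORCED_ACTION = 'Search';

// Build one "action=principal1,principal2" entry; reject values that would corrupt it.
function buildAclEntry(action, principals) {
  var act = String(action).trim();
  if (act === '' || /[=,]/.test(act)) {
    throw new Error('Invalid action: ' + action);
  }
  if (!Array.isArray(principals) || principals.length === 0) {
    throw new Error('At least one principal is required for ' + act);
  }
  var cleaned = principals.map(function (p) {
    var name = String(p).trim();
    if (name === '' || /[=,]/.test(name)) {
      throw new Error('Invalid principal: ' + p);
    }
    return name;
  });
  return act + '=' + cleaned.join(',');
}

// Split rules into Allow and Deny string lists and flag deny entries the API ignores.
// Assumption: a rule with allow !== true belongs on the Deny list.
function buildAcls(rules) {
  var result = { allow: [], deny: [], uiOnlyDeny: [] };
  rules.forEach(function (rule) {
    var entry = buildAclEntry(rule.action, rule.principals);
    if (rule.allow === true) {
      result.allow.push(entry);
      return;
    }
    result.deny.push(entry);
    if (String(rule.action).trim() !== API_ENFORCED_ACTION) {
      result.uiOnlyDeny.push(entry); // still reachable through the Content Services API
    }
  });
  return result;
}

// Constructed sample rules mirroring the deny example on this page.
var sampleRules = [
  { allow: true, action: 'Search', principals: ['everyone'] },
  { allow: false, action: 'DownloadWidget', principals: ['group1'] },
  { allow: false, action: 'Search', principals: ['user1'] }
];
var acls = buildAcls(sampleRules);
// In a JavaScript processor, acls.deny would then be passed to rd.setDenyAcl(...).
```

Entries listed in uiOnlyDeny need a control outside the content view if the document must not be retrievable by those principals.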