API Management

The RheinInsights Retrieval Suite offers REST APIs that you can use to build enterprise search experiences for a variety of use cases.

Principal ACL API

This API returns the user and group ACLs for an individual user. You can call it as follows:

Request

Operation: GET 
URL: <baseurl>/api/v1/securitytrimming/acls?id=<user Alias or user Id>

Headers:
authorization: <authorization token from configuration>

Response

200 OK
{
    "userAcls": [
        "S-1-5-21-2942217912-2949274087-000000000-7691"
    ],
    "userIds": [
        "S-1-5-21-2942217912-2949274087-000000000-7691"
    ],
    "groupAcls": [
        "G_____B987CEDCD58A97DF8400AAACEAC2FCA8",
        "G_____everyone"
    ]
}

or

401 if the API is not enabled, the API secret is empty, or the authorization token does not match.

Here, userAcls contains all user tokens and groupAcls contains all group ACE tokens that may appear in any of the indexed documents. To construct a security filter, combine both lists and filter on the allowAcl fields that our connectors fill.

For more information, see our blog post "Permission-Based Retrieval Augmented Generation (RAG)".
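
The following Python sketch is an added example, not RheinInsights code: it calls the endpoint described above, treats 401 as a distinct error, and combines userAcls and groupAcls into one filter on allowAcl. The shape of the returned filter dict and the choice to refuse an empty token list are assumptions; map the filter to the query syntax of your search engine.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample: the 200 OK body shown on this page.
SAMPLE = {
    "userAcls": ["S-1-5-21-2942217912-2949274087-000000000-7691"],
    "userIds": ["S-1-5-21-2942217912-2949274087-000000000-7691"],
    "groupAcls": ["G_____B987CEDCD58A97DF8400AAACEAC2FCA8", "G_____everyone"],
}


class AclApiUnauthorized(Exception):
    """401: API not enabled, API secret empty, or token mismatch."""


def fetch_principal_acls(base_url, user, token, opener=urllib.request.urlopen):
    """Call the principal ACL API for one user alias or ID; return the parsed body."""
    query = urllib.parse.urlencode({"id": user})  # URL-encode the alias or ID
    url = f"{base_url.rstrip('/')}/api/v1/securitytrimming/acls?{query}"
    request = urllib.request.Request(url, headers={"authorization": token})
    try:
        with opener(request, timeout=10) as response:
            return json.load(response)
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise AclApiUnauthorized("check API enablement and token") from err
        raise


def build_security_filter(acls, field="allowAcl"):
    """Combine userAcls and groupAcls into one allow-list filter.

    The returned dict shape is hypothetical; translate it into your search
    engine's "field matches any of these values" clause.
    """
    tokens = []
    for key in ("userAcls", "groupAcls"):
        for value in acls.get(key) or []:
            if isinstance(value, str) and value and value not in tokens:
                tokens.append(value)
    if not tokens:
        # Fail closed: never fall back to an unfiltered query.
        raise ValueError("no ACL tokens returned; refusing to build a filter")
    return {"field": field, "any_of": tokens}
```

Keep the authorization token on the server side of your search application and resolve the user identity there, so that clients cannot request ACLs for another user.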

Configuration

In order to enable and configure the principal ACL API, proceed as follows:

  1. Browse to Administration > General Settings > API Management.

  2. Security trimming API enabled: enable this checkbox.

  3. Security Trimming API: set a token that is neither empty nor easy to guess.

  4. Click on validate and save.

  5. Afterwards the API is enabled and can be used.