Security in ISYS:web 7

You’ve installed ISYS:web, run searches on the Demo index, and marvelled at how easy it all was to set up.  Now you log into the ISYS:web Admin Console and create an index of your fileserver's 10 Gazillion documents, but every time you search it you always get 0 hits in 0 documents.

What’s going on?

The most likely answer is that you don’t have permission to access those documents.  How can this be, when you were able to index all 10 Gazillion? ISYS:web has security built-in from the ground up.  It runs as a service, and uses ‘impersonation’ to access whatever resources it needs.  So when you logged into the Admin website, ISYS:web used your credentials to access the fileserver and read the documents.  When you used the Default website to perform the search, ISYS:web impersonated the ISYSGuest_machinename account to try to access the fileserver documents, but since that account only has local permissions, every document found was removed from the result list, and you got “0 hits in 0 documents”.

What to do?

You have two options:

• Switch off anonymous access.  By default, anonymous access is enabled.  When disabled, users must supply credentials to be able to perform searches.  ISYS:web will then use their credentials to test access to result documents.  Any they cannot read are removed from the result list, ensuring they remain unaware of their existence.
• Specify a domain or fileserver account as the Guest user.  If you want to allow anonymous access to non-local documents, specify a Guest user account with 'read' access to the fileserver documents.

For more information about security, open the Admin Console and go to Web Sites > (your web site) > Security > Access Control and click the help icon.

Don’t forget, if you have any questions regarding Tech Tips you can email:
support@isys-search.com.