Crawl, index, and serve, Chapter 2 – Google Search Appliance Managing Search for Controlled-Access Content User Manual

Google Search Appliance: Managing Search for Controlled-Access Content

8

Chapter 2

Crawl, Index, and Serve

Chapter 2

This chapter describes how a search appliance discovers content on your servers. It provides an
overview of authentication and authorization methods used during crawl and index, and the methods
available during serve. It also provides basic instructions for configuring a search appliance to crawl,
index, and serve controlled-access content.

Authentication, Authorization, and Controlled-
Access Content

Authentication is the process of verifying the identity of a user, a system, or a service. Authorization is
the process that determines whether an authenticated user, system, or service has permission to
perform a task. The term “controlled-access content” represents any information that should not be
displayed unless the user who requests the content is authenticated and has authorization to view the
information.

To make controlled-access content discoverable through search, the search appliance mediates two
kinds of access:

•

Access that enables the crawler to discover content on your servers and index any controlled-
access content found there.

•

Access that enables an individual user to perform a search and to view content that exists in the
index.

All controlled-access content that is available to the search appliance is indexed. For more details, see
“Crawl and Index for Controlled-Access Content” on page 9. After the controlled-access content is
indexed, the search appliance determines whether to display the content in response to each search
request.

When a user issues a search request for content controlled by some authentication mechanisms, the
search appliance impersonates the user. The search appliance verifies the user’s identity and
determines whether the user has authorization to view controlled-access content. This check is
performed before the search appliance displays any content in search results.

The Google Search Appliance provides centralized serve-time authentication with Universal Login (see
“Universal Login” on page 15). With centralized serve-time authentication, a user who is searching for
protected content is prompted for credentials once by the Universal Login Form for set of
authentication mechanisms that share a username and password. For detailed information about
Universal Login and authentication, see “Authentication” on page 15.