DeepSee_SecurityTools

A class with methods that I commonly use to test or troubleshoot security issues in InterSystems Caché and DeepSee.

Description

This class modifies the security settings in a Caché instance. For this reason I recommend using it only in test environments. By default, three users are created with the following roles and permissions:

| User | Role | Resource | Permission |
|---|---|---|---|
| simpleuser | DSUser | %DeepSee_Portal | U |
| | | %Service_Terminal | U |
| | | %Development | U |
| | | DB<database> | RW |
| poweruser | DSPowerUser | %DeepSee_AnalyzerEdit | U |
| | | %DeepSee_Portal | U |
| | | %DeepSee_PortalEdit | U |
| | | %Service_Terminal | U |
| | | %Development | U |
| | | DB<database> | RW |
| admin | DSAdmin | %DeepSee_ArchitectEdit | U |
| | | %DeepSee_AnalyzerEdit | U |
| | | %DeepSee_Portal | U |
| | | %DeepSee_Admin | U |
| | | %Service_Terminal | U |
| | | %Development | U |
| | | %DB_CACHESYS | RW |
| | | DB<database> | RW |

This allows you to test Caché and DeepSee using three users having increasingly broad permissions. See also my articles on this topic on InterSystems' Developer Community.

Instructions

Programmatic import from Caché console

ZN "SAMPLES"
Set path="/home/amarin/DeepSee_SecurityTools/"  //Set your path
W $system.OBJ.Load(path_"SecurityTools.cls","cf")  //import and compile the SecurityTools class

If your instance does not support UDL formatting, please use the .xml file.

Manual import

Import the SecurityTools.cls class or the .xml if your instance does not support UDL formatting.

Using the class

This example calls the four methods in the Ale.SecurityTools class on the SAMPLES namespace:

SAMPLES>Do ##class(Ale.SecurityTools).Info()
 .DefaultSecuritySetup("samples")         //Set up security on namepsace
 .SecurityRestore("samples")       //Restore from what DefaultSecuritySetup did
 .SecuritySetup("samples","user","role","%DeepSee_Portal:U,%Development:U")
                                   //Create a user with role and resources. You can omit user to create a role
 .SecuritySetup("samples","user","role1,role2",)  //Create a user with two existing roles

SAMPLES>Do ##class(Ale.SecurityTools).SecuritySetup("samples","user","role","%DeepSee_Portal:U,%Development:U")
New role created: role with %DeepSee_Portal:U,%Development:U
Created user with password SYS and role role
Allowed authentication methods for /csp/samples: Password, Login Cookie
Allowed authentication methods for /csp/sys: Password, Login Cookie
Allowed authentication methods for /csp/sys/bi: Password, Login Cookie

SAMPLES>Do ##class(Ale.SecurityTools).DefaultSecuritySetup("SAMPLES")
New role created: DSUser with %DeepSee_Portal:U,%Service_Terminal:U,%Development:U,%DB_SAMPLES:RW
Created simpleuser with password SYS and DSUser role
Allowed authentication methods for /csp/samples: Password, Login Cookie
Allowed authentication methods for /csp/sys: Password, Login Cookie
Allowed authentication methods for /csp/sys/bi: Password, Login Cookie
New role created: DSPowerUser with %DeepSee_AnalyzerEdit:U,%DeepSee_Portal:U,%DeepSee_PortalEdit:U,%Service_Terminal:U,%Development:U,%DB_SAMPLES:RW
Created poweruser with password SYS and DSPowerUser role
New role created: DSAdmin with %DeepSee_AnalyzerEdit:U,%DeepSee_Portal:U,%DeepSee_PortalEdit:U,%Service_Terminal:U,%Development:U,%DB_SAMPLES:RW
Created admin with password SYS and DSPowerUser,DSAdmin roles

SAMPLES>Do ##class(Ale.SecurityTools).SecurityRestore()
DSUser role deleted
DSPowerUser role deleted
DSAdmin role deleted
Deleted simpleuser
Deleted poweruser
Deleted admin
Allowed authentication methods for /csp/sys: Unauthenticated
Allowed authentication methods for /csp/sys/bi: Unauthenticated
Allowed authentication methods for /csp/samples: Unauthenticated

Do you want to give %DeepSee_ roles public USE permission? [N] 
%DeepSee_* resources are left as they are
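
A check you can run over a saved terminal transcript after using the class, as an added example that is not part of this repository: it compares the roles the tool reports creating against the table in the Description, lists users created with the password SYS, and reports web applications whose final state is Unauthenticated. The names `audit`, `grants`, `EXPECTED` and `TRANSCRIPT` are hypothetical, and it assumes the table's `DB<database>` means `%DB_SAMPLES` for the SAMPLES namespace.

```python
import re

# Role -> resource grants from the README table. Assumption: the table's
# "DB<database>" is %DB_SAMPLES when the namespace is SAMPLES.
EXPECTED = {
    "DSUser": "%DeepSee_Portal:U,%Service_Terminal:U,%Development:U,%DB_SAMPLES:RW",
    "DSPowerUser": "%DeepSee_AnalyzerEdit:U,%DeepSee_Portal:U,%DeepSee_PortalEdit:U,"
                   "%Service_Terminal:U,%Development:U,%DB_SAMPLES:RW",
    "DSAdmin": "%DeepSee_ArchitectEdit:U,%DeepSee_AnalyzerEdit:U,%DeepSee_Portal:U,"
               "%DeepSee_Admin:U,%Service_Terminal:U,%Development:U,"
               "%DB_CACHESYS:RW,%DB_SAMPLES:RW",
}

# Subset of the output lines printed in this README (setup first, then restore).
TRANSCRIPT = """\
New role created: DSUser with %DeepSee_Portal:U,%Service_Terminal:U,%Development:U,%DB_SAMPLES:RW
Created simpleuser with password SYS and DSUser role
Allowed authentication methods for /csp/sys: Password, Login Cookie
New role created: DSAdmin with %DeepSee_AnalyzerEdit:U,%DeepSee_Portal:U,%DeepSee_PortalEdit:U,%Service_Terminal:U,%Development:U,%DB_SAMPLES:RW
Created admin with password SYS and DSPowerUser,DSAdmin roles
Allowed authentication methods for /csp/sys: Unauthenticated
Allowed authentication methods for /csp/samples: Unauthenticated
"""

ROLE = re.compile(r"New role created: (\S+) with (\S+)$")
USER = re.compile(r"Created (\S+) with password (\S+) and ")
AUTH = re.compile(r"Allowed authentication methods for (\S+): (.+)$")

def grants(spec):
    """'%A:U,%B:RW' -> {('%A', 'U'), ('%B', 'RW')}"""
    return {tuple(item.split(":", 1)) for item in spec.split(",")}

def audit(transcript, expected=EXPECTED):
    drift, sys_users, apps = {}, [], {}
    for line in map(str.strip, transcript.splitlines()):
        if m := ROLE.match(line):
            # Roles not in the table are compared with themselves (no drift).
            got, want = grants(m[2]), grants(expected.get(m[1], m[2]))
            if got != want:
                drift[m[1]] = {"missing": sorted(want - got), "extra": sorted(got - want)}
        elif m := USER.match(line):
            if m[2] == "SYS":  # password value printed by the tool
                sys_users.append(m[1])
        elif m := AUTH.match(line):
            apps[m[1]] = m[2]  # later lines overwrite, so the final state wins
    open_apps = sorted(a for a, how in apps.items() if "Unauthenticated" in how)
    return {"role_drift": drift, "default_password_users": sys_users,
            "unauthenticated_apps": open_apps}

if __name__ == "__main__":
    print(audit(TRANSCRIPT))
```

On the lines printed in this README, the DSAdmin role as logged differs from the table, so compare the two on your own instance before relying on either.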

Limitations

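This routine is not officially supported by InterSystems Co. I suggest using this routine only in test environments: in the sample output above, the setup methods create users with the password SYS, and SecurityRestore leaves /csp/sys, /csp/sys/bi and /csp/samples allowing unauthenticated access.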
