Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Required application roles on install with Normal security settings #54

Closed
eduard93 opened this issue Feb 12, 2016 · 4 comments
Closed

Required application roles on install with Normal security settings #54

eduard93 opened this issue Feb 12, 2016 · 4 comments
Assignees
@eduard93
Labels
bug

Comments

@eduard93
Copy link
Contributor

App: /terminalsocket in USER namespace requires %DB_CACHESYS and %DB_USER so UnknownUser can access it.

Here's an audit message without %DB_CACHESYS so we can maybe remove the dependency. Namespace routines db needs to have public RW (maybe R is enough?) resource, or if not, role given to web app.

Audit Details:
Description Attempt to access a protected resource
Timestamp 2016-02-12 16:05:09.226
UTCTimestamp 2016-02-12 21:05:09.226
Event Source %System
Event Type %Security
Event Protect
Username UnknownUser
Pid 23104
JobId 2424862
JobNumber 30
IP Address
Executable CSPap.so
System ID
Index 16384
Roles %DB_%DEFAULT,%DB_CACHE,%DB_USER
Authentication Unauthenticated
Namespace USER
Routine zRequireAuthorization+19^WebTerminal.Engine.1 |"^^/InterSystems/Cache/mgr/user/"|
User Info
O/S Username CSP Gateway
Status
Event Data zRequireAuthorization+19^WebTerminal.Engine.1 */InterSystems/Cache/mgr/
@eduard93
Copy link
Contributor Author

Oh, of course zRequireAuthorization+19^WebTerminal.Engine.1:

zn "%SYS"
do ##class(Security.Users).Get(username, .userProps)

@eduard93
Copy link
Contributor Author

So, no way without %DB_CACHESYS I guess

eduard93 added a commit that referenced this issue Feb 13, 2016
@eduard93
Start on #54
c84c136 
Need to: determine role, required to access given ns (with globals db RW resource) and add it too MatchRoles
@eduard93 eduard93 mentioned this issue Feb 15, 2016
Merged
@eduard93 eduard93 added the bug label Feb 15, 2016
@eduard93 eduard93 self-assigned this Feb 15, 2016
@nikitaeverywhere
Copy link
Member

Please, build the latest terminal from master and verify if it works for 2016.1 with normal security option.

If it is, let's make this issue resolved!

Thank you!

@eduard93
Copy link
Contributor Author

Tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eduard93 eduard93

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nikitaeverywhere @eduard93