New post
Question
· Oct 6, 2023

Locking down - Security Errors with _Ensemble

#Access control #Security #System Administration #Health Connect #InterSystems IRIS #InterSystems IRIS for Health

I am trying to lock down security within our Development environment per requirements from a Security Audit that was done earlier this year. I need to try to limit access at a public level, access to cache users, and exposure.

I installed IRIS with the Lockdown method, and have configured my web applications, services, resources, etc.

When I go into my namespace, I am constantly presented with the following error when I try to start or stop an Object...

Cannot login as IRIS manager. Please confirm the '_Ensemble' user is enabled and is assigned the '%All' role.

_Ensemble already has the %ALL role, so I do not understand why this error is being thrown..

The web application is set to Unauthenticated, to see if this would help but I am still having errors..

The services is also set to Unauthenticated..

 

I tried resetting the _Ensemble password but with no luck, I am still seeing that error when attempting to stop/start Objects within devclin namespace.

Can anyone help me as to why I keep seeing this error?

Product version: IRIS 2023.1
$ZV: IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2023.1.1 (Build 380U) Fri Jul 7 2023 23:36:58 EDT
Discussion (3)1
Log in or sign up to continue
Justin Owens · Oct 6, 2023

I would guess it has something to do with the system not wanting you to use that account. When I look at the _Ensemble account, it says it is for "Internal use - not for login". I would assume the Locked Down code is now enforcing that restriction. This is based on the error saying "Cannot login as IRIS manager" which is what the account is also labeled. I have never tried to login with _Ensemble before so I'm not sure if it works in a non-Locked Down environment either.

0 0