Question
· Oct 30

Limiting User Access: how to deny access to the Management Portal

Hello everyone! 👋

I have a question regarding roles and resources. 

To give you some context: I have a user who has been assigned only the role %HS_UsageDashboard_Access. This allows them to access the dashboards correctly (by giving the direct URL). Then, if I try to access the Management Portal with this same user, I can log in with no access to any resources within it (as expected).

The point is that I would like to completely deny him access to the Management Portal, while allowing him to view only the dashboards, as expected from the %HS_UsageDashboard_Access role. I can give users access to resources, but can I also deny them in some way? Does anyone have any suggestions?

Thanks 🤗 


To completely deny a user access to the Management Portal while allowing them to access dashboards, you can utilize InterSystems IRIS web application settings and roles effectively. Here is how:

  1. Restrict Access to the Management Portal Web Applications:

    • Navigate to the Management Portal: System Administration > Security > Applications > Web Applications.
    • Find the relevant web applications that make up the Management Portal (e.g., /csp/sys, /csp/sys/mgr, /csp/sys/op) and edit them.
    • Set the "Resource Required" to a custom resource that the user’s role does not have permission to access [1][2].
  2. Grant Specific Permissions for Dashboard Viewing:

    • Create a role for the user that includes access to the resource %DeepSee_Portal with USE permission.
    • Ensure the web application hosting dashboards (e.g., /csp/app or similar) allows this resource [3][4][5].
  3. Auditing and Public Permissions:

    • Review public permissions for the resources associated with the web applications to prevent unintended access.
    • Enable auditing to help monitor user access and ensure security configurations are correctly implemented [6].

By designing custom resources and roles, the user can be restricted from accessing the Management Portal while retaining access to the required dashboards [2][6].

Sources:

Look in the System Management Portal under System Administration, Security, Applications, Web Applications, and look for the /csp/sys application. That's the System Management Portal. You can probably set a required resource there, and then only people who have that resource should be able to access it. You'll probably want to make a new resource, not just use an existing one. Just make sure you have that resource before you make that change so you don't lock yourself out!
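
The steps both answers describe (a custom resource set as "Resource Required" on the portal web applications, granted to an administrator first to avoid a lockout) can also be scripted. This is an added example, not part of either answer and not InterSystems' own code; the class name `Example.PortalLockdown`, the resource `PortalAccess`, the role `PortalAccessRole` and the `adminUser` argument are hypothetical, and it assumes the caller has the privileges to use the `Security.*` classes in `%SYS`.

```objectscript
Class Example.PortalLockdown Extends %RegisteredObject
{

/// Gate the Management Portal web applications behind a custom resource.
/// adminUser: an existing account that must keep portal access.
ClassMethod Apply(adminUser As %String) As %Status
{
    New $NAMESPACE
    Set $NAMESPACE = "%SYS"            // the Security.* classes live in %SYS
    Set resource = "PortalAccess"      // hypothetical resource name
    Set role = "PortalAccessRole"      // hypothetical role name

    // 1. Custom resource with an empty public permission, so nobody gets it implicitly.
    If '##class(Security.Resources).Exists(resource) {
        Set sc = ##class(Security.Resources).Create(resource, "Gate for Management Portal apps", "")
        If $$$ISERR(sc) Return sc
    }

    // 2. Role that holds USE on the resource.
    If '##class(Security.Roles).Exists(role) {
        Set sc = ##class(Security.Roles).Create(role, "May open the Management Portal", resource_":U")
        If $$$ISERR(sc) Return sc
    }

    // 3. Give the administrator the role BEFORE gating the applications;
    //    if this fails, stop here so the portal is never left unreachable.
    Set sc = ##class(Security.Users).AddRoles(adminUser, role)
    If $$$ISERR(sc) Return sc

    // 4. Require the resource on the portal applications named in the thread.
    For app = "/csp/sys", "/csp/sys/mgr", "/csp/sys/op" {
        Kill props
        Set props("Resource") = resource   // only this property is changed
        Set sc = ##class(Security.Applications).Modify(app, .props)
        If $$$ISERR(sc) Quit               // leave the loop on the first failure
    }
    Return sc
}

}
```

The dashboard-only user is simply never given `PortalAccessRole`. Confirm with the administrator account in a fresh session that the portal still opens before closing the session that applied the change.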