Adding Resources to a Newly Created Role

Question

Question

Randall Hiser · Mar 13, 2020

I am attempting to pragmatically create a bunch of roles and then assign the appropriate resources to that role.

Currently, the only ways to add resources to a role are to:

1. Do through Management Portal

2. Go through ^SECURITY (add resource one at a time)

My Intention would be to do the following: do ^SECURITY Role Setup Edit Role When prompted for resources to add, be able to use *

Additionally, I was thinking that an additional method can either exist (that I seem to can't find) or create a new method called AddResources: ##Class(Security.Roles).AddResources("role name", "resources to add [can use * for all]")

Any thoughts or maybe another way to work around this?

Discussion (2)1

Log in or sign up to continue

Steve Clay · Mar 16, 2020

You can use the Get and Modify methods in coordination with the Security.Resources:List() query (which allows wildcards). Here is some

untested code which will give you an idea of what you can do:

%SYS>s x=##Class(Security.Roles).Get("%developer",.Properties)

%SYS>zw Properties
Properties("Description")="A Role owned by all Developers"
Properties("GrantedRoles")=""
Properties("Resources")="%DB_%DEFAULT:RW,%DB_IRISLIB:R,%DB_IRISLOCALDATA:R,%DB_IRISTEMP:RW,%DB_USER:RW,%Development:U,%DocDB_Admin:U,%Service_Console:U,%Service_DocDB:U,%Service_Object:U,%Service_SQL:U,%Service_Telnet:U,%Service_Terminal:U,%Service_WebGateway:U,%System_CallOut:U"

;Now get the list of resources you want using a result set.

Set Rset = ##class(%ResultSet).%New("Security.Resources:List")
i '$$$ISOK(Rset) d $SYSTEM.Status.DisplayError(%objlasterror) q
s Status=Rset.Execute("*") ; See class documentation of what you can use for wildcards here
i '$$$ISOK(Status) Do $System.OBJ.DisplayError(Status) q

s ResourceString=""

While Rset.Next(.Status) {
s Resource=Rset.Data("Name")
s ResourceString=ResourceString_Resource_":RW"_","

}

i '$$$ISOK(Status) Do $System.OBJ.DisplayError(Status) q
s ResourceString=$e(ResourceString,1,*-1) ; Remove trailing comma
;Now add to the existing resource string. Duplicates are ignored.

s Properties(Resources)=Properties("Resources")_","_ResourceString

;Now save it

s Status=##Class(Security.Roles).Modify("%developer",.Properties)

0 0

score 0 · Answer 1 · 2020-03-14T04:27:00-04:00

Open role as an object (note lowercase):

set role = "%db_cachetemp"
set roleObj = ##class(Security.Roles).%OpenId(role)

Create required resource as an object:

set resouceObj = ##class(Security.Resource).%New()
/// set resource

Insert resource into the role and save the role

do roleObj.Resources.Insert(resourceObj)
set sc = roleObj.%Save()

And role has a new resource.