Article
· Nov 29, 2021 2m read

Changes to the security level of the system


Developing the project zpm "install isc-apptools-lockdown" implemented the ability to set the security level not only to lockdown, but also to minimum and normal.

Increasing security settings

You can replace the shared password if the password of the predefined system users has been compromised

USER>do ##class(appmsw.security.lockdown).ChangePassword("NewPass231",##class(appmsw.security.lockdown).GetPreparedUsers())

Apply Security settings to "LockDown"

USER>do ##class(appmsw.security.lockdown).SetSecurityLevel("lockdown","NewPassword123")

or equivalent

USER>zpm "install isc-apptools-lockdown -Dzpm.securitylevel=lockdown -Dzpm.newpasswd=NewPassword123"

Apply Security settings to "normal"

USER>do ##class(appmsw.security.lockdown).SetSecurityLevel("normal","NewPassword123")

or equivalent

USER>zpm "install isc-apptools-lockdown -Dzpm.securitylevel=normal -Dzpm.newpasswd=NewPassword123"

Apply Security settings to "minimum"

USER>do ##class(appmsw.security.lockdown).SetSecurityLevel("minimum","SYS")

or equivalent

USER>zpm "install isc-apptools-lockdown -Dzpm.securitylevel=minimum -Dzpm.newpasswd=SYS"

Added methods for saving the current security level to the global and applying these settings to other instances.

To do this, you need to save the current applied security settings: the values ​​of the Enabled and AutheEnabled parameters in the predefined objects of the Security.Applications, Security.Services and Security.System classes in the global by running the command

do ##class(appmsw.security.lockdown).SaveSecLevel(1,"Custom",,"d:\!\Custom.xml")

Import this Custom.xml global to the target instance and apply this applied security level there with the command

do ##class(appmsw.security.lockdown).SetSecurityLevel("Custom","Custom321level")

or

zpm "install isc-apptools-lockdown -Dzpm.securitylevel=Custom -Dzpm.newpasswd=Custom321level"

I will be glad if my project will be useful in improving your systems in the security section.
I invite you to vote for my project

Discussion (0)1
Log in or sign up to continue