Create or List Management Portal Users and Roles programatically

Question

Question

Phillip Wu · Jul 22

Hi,

To add or get information about a user for the management portal you can [within the portal]:
System Administration > Security Management > Users

Is it possible to:

1. List a user, user's properties including roles

2. Add a user and set user's properties including roles

3. Set a user's password

for the management portal using a program eg. Objectscript and/or SQL?

If so, how can this be done?

It would be great if you have examples.

Discussion (5)1

Log in or sign up to continue

score 0 · Answer 1 · 2025-07-22T20:24:16-04:00

To list a user and their properties, including roles, you can use ObjectScript commands with the Security.Users class in the %SYS namespace. An example of listing the properties of a user is:

NEW $NAMESPACE
SET $NAMESPACE="%SYS"
SET status = ##class(Security.Users).Get("Username", .properties)
IF $$$ISOK(status) {
    ZWRITE properties
}

This retrieves the user's properties into a reference variable and displays them [1][2].

To add a user and set their properties, including roles, you can use the Create method of the Security.Users class. For example:

NEW $NAMESPACE
SET $NAMESPACE="%SYS"
SET properties("FullName") = "New User"
SET properties("Password") = "securepassword"
SET properties("UserRoles") = "%Developer,%Operator"
SET status = ##class(Security.Users).Create("NewUser", .properties)
IF $$$ISOK(status) {
    WRITE "User created successfully."
}

This creates a user with specified roles and other details [1][2].

To set a user's password, you can use the Modify method to update the relevant property, as in:

NEW $NAMESPACE
SET $NAMESPACE="%SYS"
SET status = ##class(Security.Users).Get("Username", .properties)
IF $$$ISOK(status) {
    SET properties("Password") = "newpassword"
    SET status = ##class(Security.Users).Modify("Username", .properties)
    IF $$$ISOK(status) {
        WRITE "Password updated successfully."
    }
}

This updates the user's password [1][2].

Sources:

1.The Security Package - Editing Users Programmatically

2.Manipulating Security Entities Programmatically

score 0 · Answer 2 · 2025-07-22T22:21:37-04:00

Dmitrij Vladimirov · Jul 22

@Phillip Wu
This code is mostly ok but there is not need to use $NEW NAMESPACE

0 0

score 0 · Answer 3 · 2025-07-23T03:09:19-04:00

Thanks for the info.

However for "roles" SQL gives different information to that from ObjectScript:

select * from Security.Roles

ID

Description

GrantedRoles

Name

NameLowerCase

Version

However,

%SYS>Set status = ##class(Security.Roles).Get("anyrole",.properties)

%SYS>write status
1
%SYS>zwrite properties
properties("Description")="Super User Role"
properties("GrantedRoles")="NormalUserRole"
properties("Resources")="%DB_IRISSYS:R,%Service_CacheDirect:U,%Service_Object:U,%Service_WebGateway:U,%System_CallOut:U"

Why is that?

score 0 · Answer 4 · 2025-07-22T22:22:07-04:00

Dmitrij Vladimirov · Jul 22

Also check this doc

https://docs.intersystems.com/iris20251/csp/docbook/DocBook.UI.Page.cls?...

0 0

score 0 · Answer 5 · 2025-07-23T03:22:19-04:00

Hi Philip,

https://community.intersystems.com/post/unwrap-roles-recursively

you can refer to this above post. This post says how to fetch the current roles of the user. You use a similar way to insert them.