Custom Operation for make ip address and port read only based on the user role

Question

Question

Mohan Samarawickrama · Jan 29, 2018

Is there any possibility to implementing a custom TCP Operation (or any other possible way) which can enable/disable (readonly) the controllers such as ipaddress and port. This need to be done based on the role of the user logged in to the management portal.

Appreciate if anyone can provide sample code around this...

Discussion (8)2

Log in or sign up to continue

Jeffrey Drumm · Jan 29, 2018

I think the intent is to limit configuration control of business hosts in an Ensemble production based on user role. Effectively, prevent a Cache/Ensemble user from changing the IP address or port number of a TCP/IP Business Operation through the Management Console without restricting the ability to view the settings.

0 0

Steve Pisani · Jan 30, 2018

Hi,

I had a closer look, and it is not actually an "OnValidate" method per se that exists for use,..- but the feature does exist...

You need to create a <setting>IsValid() method. something like this:

 Class qmd.CustomAdapter Extends EnsLib.TCP.InboundAdapter [ ProcedureBlock ]
{

Parameter SETTINGS = "MyCustomSetting";

Property MyCustomSetting As %Integer;

ClassMethod MyCustomSettingIsValid(%val) As %Status
{
if %val'?1.n quit $$$ERROR(5001,"My Custom Setting should be an integer.")
Quit $$$OK
}

}

Hope this helps.

Steve

0 0

score 0 · Answer 1 · 2018-01-29T14:48:22-05:00

enable/diasable ( readonly ) the controllers such as ipaddress and port

Can you elaborate on that? What do you want to do?

score 0 · Answer 2 · 2018-01-29T15:59:54-05:00

Mohan Samarawickrama · Jan 29, 2018

exactly, that's what I meant initially

0 0

score 0 · Answer 3 · 2018-01-29T16:05:09-05:00

You can give user %EnsRole_Operator role:
Role for operation staff managing the day-to-day status of a particular production. Users assigned to this role have the Read permission on the current configuration to determine what settings and code are in effect, but do not have permissions to modify the configuration. Operations staff may start and stop interfaces, and may start and stop the production. They do not have access to the contents of messages, but may resend messages which cause issues. Operators may view queue and job information, and may inspect the settings for purges, alerts, credentials, and lookup tables.

Other approach would be readonly access the tables of the Ens.Config package.

score 0 · Answer 4 · 2018-01-30T05:36:00-05:00

Can you please provide example of OnValidate?

Here's what I tried and it does not work:

Class Test.InboundAdapter Extends Ens.InboundAdapter
{

/// Stream class to store message body. Leave empty to use strings.
Property BodyClass As %Dictionary.CacheClassname;

Parameter SETTINGS = "BodyClass:Basic";

/// Does not get called.
Method OnValidate(args...)
{
    merge ^b = args
    quit $$$ERROR($$$GeneralError, "Some error")
}

/// Runtime only. And $username is always _Ensemble. ##super() is in Ens.Settings
Method AssignOneSetting(pProperty As %String, pValue As %String, pName As %String) As %Status
{
    set ^c($i(^c)) = $lb(pProperty, pValue, pName, $username)
    quit ##super(pProperty, pValue, pName)
}
}

score 0 · Answer 5 · 2018-01-30T06:56:00-05:00

Eduard Lebedyuk · Jan 30, 2018

<Prop>IsValid is one of the autogenerated property methods.

It would fire on object save and work in this situation.

Nice.

0 0

score 0 · Answer 6 · 2018-01-30T05:18:07-05:00

Hi

I've not validate this suggestion by trying this myself yet,...so just an idea: I do know that when defining custom settings for an adapter, you are given an OnValidate callback of sorts to validate user input.

You could put security checks (check if user holds a custom resources) in that method.

You may need to do a simple subclass of your to adapter to implement correctly though.

Steve