How to Automatically Grant Access For SQL Tables Which Are Involved in Listing of a Widget

Hi, folks!

When you deploy DeepSee solutions you often do not want grant a User  %All Role to work with a particular Dashboard.

Consider a Dashboard 'Dash' with a few widgets where listings are being used.

If you manage a Role to get access to the Dash you need to grant access to %DB_DBNAME resource to have a database access,  grant access to a Dashboard resource (if any) and ...  grant SELECT accesses to all the tables involved in SQL queries being used in all the listings of widgets.

And every time(!) when you update a listing you need to rearrange that access level in a Role (either grant new or revoke not used anymore) to the tables.

How do you manage that? Manually? Or you have a magic shortcut script or recipes in hands? Would you please share? 

  • + 1
  • 0
  • 177
  • 1
  • 2

Answers

Currently the only way to give permissions on "Future" tables (that is, tables you haven't created yet) is to grant permissions on the schema and then add tables to that schema.  

Note that when you assign SQL Privileges, you should do so to a Role. The InterSystems security model is such that you grant resources to roles, and roles to users.  SQL Permissions are resources that you should grant to Roles.

Currently the only way to give permissions on "Future" tables (that is, tables you haven't created yet) is to grant permissions on the schema and then add tables to that schema.

Hi, Kyle! I do not want to grant permissions to "Future" tables, though your suggestion is interesting and helpful. The question was if anyone has a kind of wise parser which examines all the Listings in all widgets of a Dashboard and parse FROM clause to grant permissions to tables listed there.