· Feb 21, 2016

How to Properly setting up CSP-Application (Security)?


posted some weeks ago in the "old" ZEN Google Group, maybe someone here can help to understand how to properly setting up a csp applications and contributing from the build-in caché security mechanism.

I´ve created a webapplication and wan´t to add further security to it using the smp. But... first things first.

I have two Databases let´s say DB1-LOGIN and DB2-Application. Each of this DBs has a resource assigned. DB1-LOGIN has a resource %DB1-LOGIN which has a public permission of 'read'. DB2 has a resource as well %DB2-Application with no public access.

I have defined two roles webapp-admin and webapp-user. Only webapp-admin and webapp-user are allowed to access DB2-Application. I´ve created to test users. test-admin (which has the webapp-admin assigned) and webapp-user (no special roles assigned). The CSP-Application in the smp has application role webapp-user. So test-user is automatically a webapp-user. So far so good.

Q1 - Must the defined ressources are also need to be added to the csp-application roles tab?
Q2 - How to set the required resource to run the csp-application (general tab - but listbox does not show any of my defined resources)?
Q3 - How to assign the resource to the roles webapp-admin and webapp-user?
Q4 - Securing Access to pages - ZEN-Page Class Parameter RESOURCE how to define under the given circumstances. I have pages which shall only be accessed by a webapp-admin. So I guess the parameter look like RESOURCE = "webapp-admin:U". But how to define this "use" - flag?

Best regards,


Discussion (7)2
Log in or sign up to continue

1. They must be granted to either application or user

2. Only resources of Service, Application and User type could be used there. %DB are database resources

3. SMP -> Menu -> View Roles -> Choose the role "webapp-admin" -> General Tab -> Priveleges -> Add -> choose the resoure -> OK -> Save

Repeat for webapp-user

4. Like this:

Parameter RESOURCE = "ResourceName1:Permission,ResourceName2,ResourceName3:Permission";

Where Permission is one of: READ, WRITE, USE

If Permission is skipped (see ResourceName2) then USE permission is checked.



sry for the late response. I´ve managed to setup the application, roles and priveliges as suggested. My application does use a set of (currently) 20 stored procedures to fetch data from the server. The problem now is that the webapp-admin and webapp-user have no permission to run this stored procedures. I thought it would be sufficient to add the db ressource to the roles to access this stored procedures. Does this mean, that I need to add every single stored procedure to the sql procedure tab in the role definition?

best regards,


What Caché version are you working with?

The use of SCHEMA in this way is documented at but not at so it appears to have been introduced with 2015.1. I didn't find any mention of it in the 2015.1 release notes though.