Question
Craig Regester · Oct 13

Implicitly Grant SELECT to Custom Role for All Classes in Pkg Path

Good morning -

As we're starting to create more custom message classes to represent out JSON-based integrations, I was pondering how to implicitly grant SELECT privileges to a specific Security Role so they can utilize Message Viewer to search through the message history.

So if all of our custom JSON message classes are under OurParentPkg.Messages.REST.* (e.g., OurParentPkg.Messages.REST.AddPatientRequest and OurParentPkg.Messages.REST.AddPatientResponse), is there a method to ensure that our analysts can be granted the SELECT permission to anything created under OurParentPkg.Messages.REST without needing to go into the Role and explicitly granting it with each and every new class?

I poked through the documentation in August a bit on this, playing with the SQL properties on the package tree but didn't get much traction. Hoping someone else has thought through this more than I've had the time to do and can share how they accomplished it.

 

Thanks in advance,

Craig

Product version: IRIS 2021.1
$ZV: IRIS for UNIX (IBM AIX for System Power System-64) 2021.1 (Build 215U) Wed Jun 9 2021 09:55:44 EDT [Health:3.3.0]
00
2 0 1 67
Log in or sign up to continue

Hi Craig,

Perhaps this could help -

From: https://docs.intersystems.com/irisforhealthlatest/csp/docbook/DocBook.UI.Page.cls?KEY=RSQL_grant

You can use SCHEMA schema-name as the object-list value to grant the object-privilege to all of the tables, views, and stored procedures in the named schema, in the current namespace. For example, GRANT SELECT ON SCHEMA Sample TO Deborah grants this user SELECT privilege for all objects in the Sample schema. This includes all objects that will be defined in this schema in the future. You can specify multiple schemas as a comma-separated list; for example, GRANT SELECT ON SCHEMA Sample,Cinema TO Deborah grants SELECT privilege for all objects in both the Sample and the Cinema schemas.