Set 'GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO *' Globally Somehow ?
We have an implementation with a bunch of users, and a bunch of namespaces, both of which are added and removed frequently, and the users have restrictive perms in the namespaces (let's just say, not %All)... and the users are utilizing the VSCODE extension for development.
Per the instructions and the user experience, we need to run:
GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO ${user}
For ... each Namespace, and additionally %SYS for Web Apps.
Is there a way to globally just make this happen "once" somewhere, or is it absolutely necessary to find a spot to invoke it?
We use delegated auth on /api/atelier and the SMP, so a hook in ZAUTHENTICATE.mac can execute the above to iterate all namespaces, %SYS, upon login, but was wondering if something a little cleaner could be used?
Add a role with execute on StudioOpenDialog to /api/atelier web app?
thank you!
Follow up here on the implementation of @Eduard Lebedyuk's suggestion for the community and Google Geuse...
    New $Namespace
    Set $Namespace = "%SYS"
    Set tSC = $$$OK
    // Create the role that will carry the privilege
    Set tSC = ##class(Security.Roles).Create("VSCODE")
    // Grant EXECUTE on the stored procedure to that role
    Set tQuery = "GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO VSCODE"
    Set tStatement = ##class(%SQL.Statement).%New()
    Set tSC = tStatement.%Prepare(tQuery)
    Set tResultSet = tStatement.%Execute()
    // Set the roles on the /api/atelier web application
    Set pProp("MatchRoles")=":%EnsRole_Developer:VSCODE"
    Set tSC = ##class(Security.Applications).Modify("/api/atelier", .pProp)
    Quit tSC
You can replace:
    Set tQuery = "GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO VSCODE"
    Set tStatement = ##class(%SQL.Statement).%New()
    Set tSC = tStatement.%Prepare(tQuery)
    Set tResultSet = tStatement.%Execute()
with:
Still, unfortunate there's no object way to do that, only relational. And %EnsembleMgr:addSQLPrivilege is private.
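A variant of the setup posted in the follow-up above that checks every status and SQLCODE, and appends the role to the web application's existing MatchRoles instead of overwriting them. This is an added example, not code from the thread or from InterSystems. The class name Demo.VSCodeRole, the method name and the parameter names are hypothetical, and the comma-separated "MatchRole:Target1:Target2" layout of MatchRoles is assumed.

```objectscript
/// Hypothetical helper class (name is an assumption, not from the thread)
Class Demo.VSCodeRole Extends %RegisteredObject
{

/// Create the role, grant it the single SQL privilege, attach it to a web app.
ClassMethod Setup(pApp As %String = "/api/atelier", pRole As %String = "VSCODE") As %Status
{
    New $Namespace
    Set $Namespace = "%SYS"
    Set tSC = $$$OK

    // Create the role only if it is missing, so the method can be rerun
    If '##class(Security.Roles).Exists(pRole) {
        Set tSC = ##class(Security.Roles).Create(pRole, "EXECUTE on StudioOpenDialog only")
        If $$$ISERR(tSC) Quit tSC
    }

    // Same GRANT as in the thread; check the prepare status and the SQLCODE
    Set tStatement = ##class(%SQL.Statement).%New()
    Set tSC = tStatement.%Prepare("GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO "_pRole)
    If $$$ISERR(tSC) Quit tSC
    Set tResultSet = tStatement.%Execute()
    If tResultSet.%SQLCODE < 0 {
        Quit $$$ERROR($$$GeneralError, "GRANT failed: "_tResultSet.%SQLCODE_" "_tResultSet.%Message)
    }

    // Read the current MatchRoles so existing mappings are preserved
    Set tSC = ##class(Security.Applications).Get(pApp, .tProp)
    If $$$ISERR(tSC) Quit tSC
    Set tRoles = $Get(tProp("MatchRoles"))

    // Assumed layout: entries separated by ",", an entry starting with ":"
    // (empty match role) lists the roles every user of the app receives
    Set tFound = 0
    For i = 1:1:$Length(tRoles, ",") {
        Set tEntry = $Piece(tRoles, ",", i)
        If (tEntry = "") || ($Piece(tEntry, ":", 1) '= "") Continue
        Set tFound = 1
        // Append the role only when this entry does not already carry it
        If (tEntry_":") '[ (":"_pRole_":") Set $Piece(tRoles, ",", i) = tEntry_":"_pRole
    }
    If 'tFound Set tRoles = tRoles_$Select(tRoles = "": "", 1: ",")_":"_pRole

    // Write back only the MatchRoles property
    Set tNew("MatchRoles") = tRoles
    Quit ##class(Security.Applications).Modify(pApp, .tNew)
}

}
```

Unlike the snippet in the follow-up, this does not add %EnsRole_Developer to the application, so everyone reaching the web app gains only the EXECUTE privilege carried by the new role.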