Question
· Mar 9, 2022

Set 'GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO *' Globally Somehow ?

We have an implementation with a bunch of users, and a bunch of namespaces, both of which are added and removed frequently, and the users have restrictive perms in the namespaces (let's just say, not %All)... and the users are utilizing the VSCODE extension for development.

Per the instructions and the user experience, we need to run:

GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO ${user}

For ... each Namespace, and additionally %SYS for Web Apps.

Is there a way to globally just make this happen "once" somewhere or is it absolutely necessary to find a spot to invoke it?

We use delegated auth on /api/atelier and the SMP, so a hook in ZAUTHENTICATE.mac can execute the above to iterate all namespaces, %SYS, upon login, but was wondering if something a little cleaner could be used?

Product version: IRIS 2022.1

Follow up here on the implementation of @Eduard Lebedyuk's suggestion for the community and Google Geuse...

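New $Namespace
Set $Namespace = "%SYS"
Set tSC = $$$OK
// Create a dedicated role; this status is overwritten below, so a failure here does not stop the code
Set tSC = ##class(Security.Roles).Create("VSCODE")
// Grant the SQL privilege to the role instead of to each individual user
Set tQuery = "GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO VSCODE"
Set tStatement = ##class(%SQL.Statement).%New()
Set tSC = tStatement.%Prepare(tQuery)
If $$$ISERR(tSC) Quit tSC
Set tResultSet = tStatement.%Execute()
// A negative SQLCODE means the GRANT itself failed
If tResultSet.%SQLCODE < 0 Quit $$$ERROR($$$GeneralError, "GRANT failed, SQLCODE "_tResultSet.%SQLCODE_": "_tResultSet.%Message)
// Attach the role to the /api/atelier web application through MatchRoles
Set pProp("MatchRoles")=":%EnsRole_Developer:VSCODE"
Set tSC = ##class(Security.Applications).Modify("/api/atelier", .pProp)
Quit tSC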

You can replace:

Set tQuery = "GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO VSCODE"
Set tStatement = ##class(%SQL.Statement).%New()
Set tSC = tStatement.%Prepare(tQuery)
Set tResultSet = tStatement.%Execute()

with:

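// %ExecDirect returns a result set object, not a %Status; check tResultSet.%SQLCODE afterwards
Set tResultSet = ##class(%SQL.Statement).%ExecDirect(, "GRANT EXECUTE ON %Library.RoutineMgr_StudioOpenDialog TO VSCODE")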

Still, unfortunate there's no object way to do that, only relational. And %EnsembleMgr:addSQLPrivilege is private.