Question
· Apr 26, 2021

what's a SAFE way to let my boss connect to the Cache database (VIEW ONLY)

The boss (reasonable intelligent ;-) wants to connect to the cache database through Excel, but unless I explain what he's looking for (field names DB names etc) then I can see him continually coming back for "what's the link here and how do I get the delivery company name etc etc"

 

is there a SAFE way I can give him access to our database using an intelligent visual user interface.

I had thought about the SQL Query Builder within the management portal, but the thought of giving him access to all of the other functionality of the management portal.

I also need to make it READONLY, again for obvious reasons.

and of course hide all the % classes

I've played with Beaver, but can't see how I can give him restrictions, 

 

Anyone got any good ideas how I can give the boss what he wants. ?

Kevin

Product version: Caché 2017.1
Discussion (3)1
Log in or sign up to continue

Hello Kevin,

I'm not very familiar with 3rd party tools that could be good for this (I'm sure they exist), but you should be able to design a Caché-role that has the restrictions you are looking for. I think you should be able to use SQL and portal permissions to lock down a role to your specifications.

Using Custom Resources with the Management Portal

SQL Privileges and System Privileges

Hi Kevin,

I think it is better if we refine the requirement for some details so that we can refer to a set of configurations to achieve what you want.

1. The user can only visit specific DBs instead of all DBs.  Therefore, we will use specific resource to protect specific DB.


2. The user can use SQL from third party tools to visit the DBs through ODBC and JDBC connections, therefore, he need not only DB access but also specific SQL privileges. 


Reference:https://docs.intersystems.com/irisforhealthlatest/csp/docbook/Doc.View.c...

We can make the user a READONLY one by assigning only Select SQL privilege to him.
We can also use portal to define the privileges:

3. If the user can only use SQL and should not use portal to visit IRIS, the simplest way is not to assign roles such as %Operator, %Manager to the user, he then can only visit portal but can not use menus to perform action and we will Never refer to %All from a user expected to have limited previleges.