Roles

Syndicate content 7 

Hello.

I want to grant access only to the Message Viewer page to an specific user, in all Namespaces. I have created a rol with this privileges:

%Ens_MessageContent
%Ens_MessageHeader
%Ens_MessageTrace
%Ens_Portal

But if I want to see the list of messages, I have to grant SELECT access to the Ens.MessageHeader and Ens.MessageBody tables of each Namespace.

Is there anyway to grant access to this tables in all Namespaces at a time, even if new ones are created?

Thank you in advance.

0   0 0
0

answers

0

comments

85

views

0

rating

I have created some roles, and would like to know if there is a way to export the Roles and save them off to a file? I want to create a backup file of these roles for DR purpose, and in case I ever get hit by the preverbal bus.

Thanks

Scott Roth

The Ohio State University Wexner Medical Center

Last answer 8 October 2018 Last comment 8 October 2018
0   0 3
150

views

0

rating

In old Caché versions it was possible to create a new role based on predefined %Developer by copying it and adding some resources as needed. It was true at least from 2010.1 to 2015.1.

After upgrade from 2015.1.4 to 2017.2.1 it turned that it's only partially true now. User with a "New-Developer" role can enter Studio and open existing cls/mac/etc for editing and everything is OK unless he tries to create something new (Ctrl-N), than he gets a pop-up with %msg: <User xxx does not have enough privilege to execute stored procedure %CSP.StudioTemplateMgr_Templates>

Last comment 31 May 2018
+ 1   0 3
190

views

+ 1

rating

I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP. 

I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to.  Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?

How would I compare the AD Group against the Role listing?

Thanks

Scott

Last answer 17 February 2018 Last comment 20 February 2018
0   0 3
265

views

0

rating

I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.

Thanks

Scott Roth

Last answer 12 February 2018
0   0 2
0

comments

240

views

0

rating

In part 1part 2, and part 3 parts of this series we set up three user types. In part 4 we saw how to secure model elements and DeepSee items. In this last part of the tutorial we conclude with some remarks on DeepSee security and troubleshooting tips. In particular, we see how pivot tables in User Portal can be "hidden".

+ 1   0 1
0

comments

182

views

+ 1

rating

Hi, folks!

When you deploy DeepSee solutions you often do not want grant a User  %All Role to work with a particular Dashboard.

Consider a Dashboard 'Dash' with a few widgets where listings are being used.

If you manage a Role to get access to the Dash you need to grant access to %DB_DBNAME resource to have a database access,  grant access to a Dashboard resource (if any) and ...  grant SELECT accesses to all the tables involved in SQL queries being used in all the listings of widgets.

Last answer 28 September 2017 Last comment 28 September 2017
+ 1   0 1
170

views

+ 1

rating

Hello, I am writing to request assistance on an issue I appear to be having when accessing Ensemble. I have it running on a Windows virtual machine, on a Mac laptop, and am trying to access it through the emergency ID account. When starting Ensemble through the command line window using ccontrol start ENSEMBLE /Em... I get an error and Ensemble does not start. Below is the error message I am getting when checking the logs:

Last answer 18 July 2017 Last comment 13 July 2017
+ 1   0 1
376

views

+ 1

rating

I have multiple namespaces in a Cache environment say NS1 & NS2. I want to add some restriction so that  a routine running in the NS1 should not access any resource(global/routine) belongs to namespace NS2.

The above restriction need for few of the clients only, so we do not want to write any custom logic in code. 

We are looking for some solution provided by Cache where we can restrict the namespace access.

Can somebody please help me on this.

Last answer 31 March 2017
0   0 0
0

comments

143

views

0

rating

Hi,

Initially when setting up a cache instance one creates or imports the user/ resources roles etc .

After the Mirror has been activated you can add users, resources etc. But when trying to add new SQL Table privileges to a namespace where the databases are mirrored it seems that you are not able to , Getting error: 

ERROR #5002: Cache error: <DIRECTORY>SQLUserPrivsExecute+13^%SYS.SQLSEC

SOURCE ELEMENT: %CSP.UI.Component.SQLTables (SQLTables)


How do you maintain these privileges?

 

 

Last answer 31 January 2017
0   0 1
0

comments

164

views

0

rating

Imagine that your .NET project uses the Caché DBMS and you need a fully-functional and reliable authorization system. Writing such a system from scratch would not make much sense, and you will clearly want to use something that already exists in .NET, e.g. ASP.NET Identity. By default, however, this framework supports only its native DBMS – MS SQL. Our task was to create an adaptor that would let us quickly and easily port Identity to the InterSystems Caché DBMS. This work resulted in creation of the ASP.NET Identity Caché Provider.

Last comment 25 January 2017
+ 4   0 3
866

views

+ 4

rating

This post is meant to provide a quick possible explanation for a very perplexing problem.

 

Scenario:  You’ve just created your own administrative user in your 2014.1 (or later) instance of Caché.  You gave it every possible security role (including %All), so it should in theory be able to do anything within the instance.

You’ve written a very advanced routine with a break command in it for debugging:

 

Last comment 1 November 2016
+ 7   0 2
273

views

+ 7

rating