#Roles

Hi anyone has created the user roles for UCR pls share details like if we want to create following roles what access rights should be give to each role.

UCR Admin - This user can stop/start productions, can enable/disable services, can run sql queries, can make changes in facility registries, assigning authority and other configuration.

UCR Developer - This user can add new services in the production but can not make any change in the registires and other configuraiton

Hi,

I've added a REST service which worked fine on our test system but failed on the production environment because UnknownUser does not have %All set and I really don't want it set on production (in fact I've also switched it off on test).

Is there a way to allow a single REST service to have unauthorised access?

I was thinking adding a resource/role to UnknownUser specifically for that service but I've never touched on Users/Roles/Resources so I'm struggling to work out what needs adding where.

Thanks

Hi All,

Cache / Ensemble version 2016.2.2.853.0

I have a need to restrict ODBC access to certain users to prevent unwanted access to our cache database.

We have a limited number of legacy applications that use ODBC to connect to read data and are currently not in a position to have these amended any time soon so in the interim, I am hoping someone will be able to provide me with some assistance.

Any suggestions on where to start?

Hello.

I want to grant access only to the Message Viewer page to an specific user, in all Namespaces. I have created a rol with this privileges:

%Ens_MessageContent
%Ens_MessageHeader
%Ens_MessageTrace
%Ens_Portal

But if I want to see the list of messages, I have to grant SELECT access to the Ens.MessageHeader and Ens.MessageBody tables of each Namespace.

Is there anyway to grant access to this tables in all Namespaces at a time, even if new ones are created?

Thank you in advance.

In old Caché versions it was possible to create a new role based on predefined %Developer by copying it and adding some resources as needed. It was true at least from 2010.1 to 2015.1.

After upgrade from 2015.1.4 to 2017.2.1 it turned that it's only partially true now. User with a "New-Developer" role can enter Studio and open existing cls/mac/etc for editing and everything is OK unless he tries to create something new (Ctrl-N), than he gets a pop-up with %msg: <User xxx does not have enough privilege to execute stored procedure %CSP.StudioTemplateMgr_Templates>

I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.

Thanks

Scott Roth

In part 1, part 2, and part 3 of this series we set up three user types. In this part of the tutorial we see how to secure model elements (such as DeepSee cubes) and DeepSee items (such as a folder containing pivot tables and dashboards in the DeepSee User Portal). 

In part 1 we started working on a security model for DeepSee and create a user type having privileges typical of end users. In this part we are going to create a second user type with ability to edit and create DeepSee pivot tables and dashboards. 

Hi, folks!

When you deploy DeepSee solutions you often do not want grant a User  %All Role to work with a particular Dashboard.

Consider a Dashboard 'Dash' with a few widgets where listings are being used.

If you manage a Role to get access to the Dash you need to grant access to %DB_DBNAME resource to have a database access,  grant access to a Dashboard resource (if any) and ...  grant SELECT accesses to all the tables involved in SQL queries being used in all the listings of widgets.

I have multiple namespaces in a Cache environment say NS1 & NS2. I want to add some restriction so that  a routine running in the NS1 should not access any resource(global/routine) belongs to namespace NS2.

The above restriction need for few of the clients only, so we do not want to write any custom logic in code. 

We are looking for some solution provided by Cache where we can restrict the namespace access.

Can somebody please help me on this.

This post is meant to provide a quick possible explanation for a very perplexing problem.

Scenario:  You’ve just created your own administrative user in your 2014.1 (or later) instance of Caché.  You gave it every possible security role (including %All), so it should in theory be able to do anything within the instance.

You’ve written a very advanced routine with a break command in it for debugging:

Is there any method or routine available to export and import the user roles and the sql table and sql procedures associated with each role?