Security

Syndicate content 15 

Over the past year or so, my team (Application Services at InterSystems - tasked with building and maintaining many of our internal applications, and providing tools and best practices for other departmental applications) has embarked on a journey toward building Angular/REST-based user interfaces to existing applications originally built using CSP and/or Zen. This has presented an interesting challenge that may be familiar to many of you - building out new REST APIs to existing data models and business logic.

+ 9   5 7
463

views

+ 9

rating

This article, and following two articles of the series, is intended as a user guide for developers or system administrators, who need to work with OAuth 2.0 framework (further referred to as OAUTH for simplicity) in their InterSystems product based applications.

Last reply 1 days ago
+ 13   7 7
5,548

views

+ 13

rating

Hi,

I've added a REST service which worked fine on our test system but failed on the production environment because UnknownUser does not have %All set and I really don't want it set on production (in fact I've also switched it off on test).

Is there a way to allow a single REST service to have unauthorised access?

I was thinking adding a resource/role to UnknownUser specifically for that service but I've never touched on Users/Roles/Resources so I'm struggling to work out what needs adding where.

Thanks

Last reply 10 days ago
0   0 2
60

views

0

rating

Hi,

I am attempting to set up a security role for our support team so they can have read access to the production and messages.

I have given the role RW rights on the resource associated with the database. However, when I log into Management Portal and select "Ensemble", the "Available Ensemble namespaces" list is empty.

What permissions do i need to set to be able to navigate to the production?

Thanks in advance,

Carl

 

Edit:

Last reply 20 July 2020
0   0 3
85

views

0

rating

Many organisations implement centralised log management systems to separate and centralise the log data in order to e.g. automate threat detection (and response) and to comply with regulatory requirements. The primary systems of interest are the various user facing applications, but increasingly also other kinds of systems including integration platforms.
+ 1   0 1
0

replies

65

views

+ 1

rating

Hi All,

Actually, I'm developing few restful API's. I want to create a authentication tokens and display it on my login restful API. If I'm using CSP sessionId, how can I validate the session Id's in another or continues restful API's. else, is there any other approach to handle this task. 

My Primary goal is, I have to integrate 2 different front end applications. One is Zen framework another one is web pages from Python. 

If any lead, it would be appreciated. 

Thanks,

Arun Kumar Durairaj. 

Last reply 15 June 2020
0   0 1
212

views

0

rating

About regulations

Personal data privacy regulations have become an indispensable requirement for projects dealing with personal data. The compliance with these laws is based on 4 principles:

+ 3   1 1
0

replies

84

views

+ 3

rating

When you first start working with InterSystems IRIS, it’s a common practice to install a system with only a minimum level of security. You have to enter passwords fewer times and this makes it easier to work with development services and web applications when you're first getting acquainted. And, sometimes, minimal security is more convenient for deploying a developed project or solution.
And yet there comes a moment when you need to move your project out of development, into an Internet environment that’s very likely hostile, and it needs to be tested with the maximum security settings (that is, completely locked down) before being deployed to production. And that’s what we’ll discuss in this article.
For more complete coverage of DBMS security issues in InterSystems Caché, Ensemble, and IRIS, you may want to read my other article, Recommendations on installing the InterSystems Caché DBMS for a production environment.
The security system in InterSystems IRIS is based on the concept of applying different security settings for different categories: users, roles, services, resources, privileges, and applications.

Users can be assigned roles. Users and roles can have privileges on resources — databases, services, and applications — with varying read, write, and use rights. Users and roles can also have SQL privileges on the SQL tables located in databases.

+ 3   2 2
198

views

+ 3

rating

Hi guys,

 

Couple days ago, a customer approached me with the wish to enhance their existing legacy application, that uses SOAP (Web)Services so it shares the same authorization with their new application API based on REST. As their new application uses OAuth2, the challenge was clear; how to pass access token with SOAP request to the server.

After spending some time on Google, it turned out, that one of possible ways of doing so was adding an extra header element to the SOAP envelope and then making sure the WebService implementation does what is needed to validate the access token.

Last reply 3 April 2020
+ 5   1 2
3,180

views

+ 5

rating

Hi,

 

I'm using Operating System authentication and I need to give permission on Healthshare to allow a user to run only this two commands 

##Class(Backup.General).ExternalFreeze()

and

##Class(Backup.General).ExternalThaw()

This user is gonna be use to backup only.

There are any role on HealthShare for this?

Last reply 2 April 2020
0   1 2
57

views

0

rating

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

+ 1   0 1
0

replies

134

views

+ 1

rating

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

+ 1   0 1
0

replies

153

views

+ 1

rating

Introduction

Nowadays, there is a lot of applications that are using Open Authorization framework (OAuth) to access resources from all kinds of services in a secure, reliable and efficient manner. InterSystems IRIS is already compatible with OAuth 2.0 framework, in fact, there is a great article in the community regarding OAuth 2.0 and InterSystems IRIS in the following link here.

+ 1   0 1
0

replies

205

views

+ 1

rating

I just tried to log into our QA server and connect to Terminal (v 2013.1). 

I can type in my username but when I attempt to type my password, no characters are typed. When I press ENTER the password is invalid. 

I can connect to the management portal and the studio development environment without any problems.  Also, I do not have this problem when connecting to the terminal in our production environment (2010). 

Does anyone know what can cause this type of problem? 

Thanks. 

Last reply 26 March 2020
0   0 3
133

views

0

rating

I am attempting to pragmatically create a bunch of roles and then assign the appropriate resources to that role.

Currently, the only ways to add resources to a role are to:

1. Do through Management Portal

2. Go through ^SECURITY (add resource one at a time)

 

My Intention would be to do the following: do ^SECURITY Role Setup Edit Role When prompted for resources to add, be able to use *

 

Last reply 16 March 2020
0   0 2
99

views

0

rating

This error is sometimes seen while viewing a listing in InterSystems IRIS Business Intelligence:
ERROR #5540: SQLCODE: -99 Message: User <USERNAME> is not privileged for the operation (4)  

As the error suggests, this is due to a permission error. To figure out which permissions are missing/needed, we can take a look at the SQL query that is generated. We will use a query from SAMPLES as an example.

+ 1   0 1
0

replies

86

views

+ 1

rating

When using Studio, ODBC or a terminal connection to Caché or Ensemble, you may have wondered how to secure the connection. One option is to add TLS (aka SSL) to your connection. The Caché client applications - TELNET, ODBC and Studio - all understand how to add TLS to the connection. They just need to be configured to do it.

Configuring these clients is easier in 2015.1 and later. I'm going to be discussing this new method. If you're already using the old, legacy method, it will continue to work, but I would recommend you consider switching to the new one.

Last reply 26 February 2020
+ 18   0 8
3,116

views

+ 18

rating

Hello,

I am working on Ensemble 2017.2.1 .
I need to export my security settings into an extern database, in order to make a report.

I've created a Business Operation with an SQL Adapter into a Namespace, but I don't know how to get every security data from "%SYS" Namespace  ( SQLPrivileges , Resources , Roles , Services , Users ... ).

I dont't want to use the terminal and the ^SECURITY routine, because i don't want to store a XML file on the server.

Last reply 30 January 2020
0   0 2
97

views

0

rating

Cache / Ensemble version 2016.2.2.853.0

I have a need to restrict ODBC access to certain users to prevent unwanted access to our cache database.

We have a limited number of legacy applications that use ODBC to connect to read data and are currently not in a position to have these amended any time soon so in the interim, I am hoping someone will be able to provide me with some assistance.

Any suggestions on where to start?

0   0 0
191

views

0

rating