Security

This article, and following two articles of the series, is intended as a user guide for developers or system administrators, who need to work with OAuth 2.0 framework (further referred to as OAUTH for simplicity) in their InterSystems product based applications.

Hi,

I've added a REST service which worked fine on our test system but failed on the production environment because UnknownUser does not have %All set and I really don't want it set on production (in fact I've also switched it off on test).

Is there a way to allow a single REST service to have unauthorised access?

I was thinking adding a resource/role to UnknownUser specifically for that service but I've never touched on Users/Roles/Resources so I'm struggling to work out what needs adding where.

Thanks

Hi,

I am attempting to set up a security role for our support team so they can have read access to the production and messages.

I have given the role RW rights on the resource associated with the database. However, when I log into Management Portal and select "Ensemble", the "Available Ensemble namespaces" list is empty.

What permissions do i need to set to be able to navigate to the production?

Thanks in advance,

Carl

Edit:

Hi All,

Actually, I'm developing few restful API's. I want to create a authentication tokens and display it on my login restful API. If I'm using CSP sessionId, how can I validate the session Id's in another or continues restful API's. else, is there any other approach to handle this task. 

My Primary goal is, I have to integrate 2 different front end applications. One is Zen framework another one is web pages from Python. 

If any lead, it would be appreciated. 

Thanks,

Arun Kumar Durairaj. 

About regulations

Personal data privacy regulations have become an indispensable requirement for projects dealing with personal data. The compliance with these laws is based on 4 principles:

You will know this label well and what's enclosed is not meant for every day's use.

I'll try to describe a situation that never can happen to you - - - - until you face it suddenly.

Hi,

Has anyone tried to call Security.Users class (in %SYS namespace) for creating or editing users from a shell script (or any programming language)?

If yes, can you please share your code?

We are trying to automate some stuff and would like to know how this worked for others.

Thanks,

Bharath Nunepalli.

Hi,

I'm using Operating System authentication and I need to give permission on Healthshare to allow a user to run only this two commands 

##Class(Backup.General).ExternalFreeze()

and

##Class(Backup.General).ExternalThaw()

This user is gonna be use to backup only.

There are any role on HealthShare for this?

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

I just tried to log into our QA server and connect to Terminal (v 2013.1). 

I can type in my username but when I attempt to type my password, no characters are typed. When I press ENTER the password is invalid. 

I can connect to the management portal and the studio development environment without any problems.  Also, I do not have this problem when connecting to the terminal in our production environment (2010). 

Does anyone know what can cause this type of problem? 

Thanks. 

Maybe I haven't seen anything about it in the documentation, but why isn't there a way to list all the Resources from the %SYS namespace from a class rather than through ^SECURITY

Thinking maybe something like this: 
##Class(Security.Resources).ListAll(.result)

This error is sometimes seen while viewing a listing in InterSystems IRIS Business Intelligence:
ERROR #5540: SQLCODE: -99 Message: User <USERNAME> is not privileged for the operation (4)  

As the error suggests, this is due to a permission error. To figure out which permissions are missing/needed, we can take a look at the SQL query that is generated. We will use a query from SAMPLES as an example.

I used the soap wizard to create a web client based on the wsdl.  I was able to get a valid response back, and now it looks like the error is in decrypting the soap message response "inbound"

ERROR #6284: Security header error: SecurityTokenUnavailable.

Hello,

I am working on Ensemble 2017.2.1 .
I need to export my security settings into an extern database, in order to make a report.

I've created a Business Operation with an SQL Adapter into a Namespace, but I don't know how to get every security data from "%SYS" Namespace  ( SQLPrivileges , Resources , Roles , Services , Users ... ).

I dont't want to use the terminal and the ^SECURITY routine, because i don't want to store a XML file on the server.