Security in IT is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
I have multiple namespaces in a Cache environment say NS1 & NS2. I want to add some restriction so that a routine running in the NS1 should not access any resource(global/routine) belongs to namespace NS2.
The above restriction need for few of the clients only, so we do not want to write any custom logic in code.
We are looking for some solution provided by Cache where we can restrict the namespace access.
i use postman for testing my request , i need to extract access token from it (i put it inside the "Get url" using post man before sending my request).
i use the GetAccessTokenFromRequest of (%SYS.OAuth2.AccessToken) class , but in my rest code party , when i send request from post man , i can't extract my access token, it's empty.
In preparation for a presentation I need a real-world LDAP schema that has been customized a bit beyond the basics. Perferably this would be based on an OpenLDAP system which would make it easier to merge into this presentation.
If you have such a schema you would be willing to share please respond or contact my directly at Rich.Taylor@InterSystems.com
I need to store an equivalent of the SNN (Social Security number). I need it to be encrypted and I'll have to be able to search for it once stored.
For what I've seen my options are:
- SHAHash from the %system.encryption library. Simple and easy to implement. My question is, might collisions be a problem? We are talking about a 10 millions entry.
- AES encryption. In this case I'd like to know if there is a standard way for key management in the InterSystems environment.
We have been investigating how to activate a Server to Generate Tokens and an associated Resource Server to Validate the Token. This step, actually we have found out with the invaluable support of @Alberto Fuentes from Intersystems.
Is there a way for us to restrict user's ODBC permissions based on what program they're running on a client?
For example, we have some older Windows apps (.exe) that are a regular part of our software package which require the user to be able to select, insert, update, and delete. Some of our users are also using other third-party apps to connect (mostly reporting tools) but we only want them to be able to select unless we've approved the exe. Is there a way to do that?
These are not applications that were developed using CacheDirect.
In our current UCR arhcitecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.
When I try the same on the machine with the ODS I get the message : 'ERROR #822: Access Denied' . so no delegated user is created.... Does anyone have any idea where I can find the solution?
As we're starting to create more custom message classes to represent out JSON-based integrations, I was pondering how to implicitly grant SELECT privileges to a specific Security Role so they can utilize Message Viewer to search through the message history.
I am working on Ensemble 2017.2.1 . I need to export my security settings into an extern database, in order to make a report.
I've created a Business Operation with an SQL Adapter into a Namespace, but I don't know how to get every security data from "%SYS" Namespace ( SQLPrivileges , Resources , Roles , Services , Users ... ).
I dont't want to use the terminal and the ^SECURITY routine, because i don't want to store a XML file on the server.
During some consulting activity, I found at the client's site CACHEAUDIT database of more than 100 GB size. The reason was simple: several processes produced a great amount of %System/%System/OSCommand audit records due to frequent external calls ($zf(-100,...)). As it is well-known, those events can be easily disabled systemwide, while this can be hardly considered secure enough. Reducing the number of days before audit cleanup from default 62 to some reasonable figure (e.g. 15) seems to be a better solution, but...
Is there any functionality I could use that triggers real time user-defined code on certain audit events? Right now I am interested in triggering such code on a routine modification event, like the one below. I do know how to access this record programmatically, via %SYS.Audit.
My original ZAUTHENTICATE.mac to use Delegated sign on did not include GetCredentials(), however I am being told it probably should have it so I am eliminate an error I am seeing when trying to troubleshoot the ZAUTHENTICATION. I am trying to add the GetCredentials() from the documentation to the existing ZAUTHENTICATE.mac but I am getting an error
I've added a REST service which worked fine on our test system but failed on the production environment because UnknownUser does not have %All set and I really don't want it set on production (in fact I've also switched it off on test).
Is there a way to allow a single REST service to have unauthorised access?
I was thinking adding a resource/role to UnknownUser specifically for that service but I've never touched on Users/Roles/Resources so I'm struggling to work out what needs adding where.
Maybe I haven't seen anything about it in the documentation, but why isn't there a way to list all the Resources from the %SYS namespace from a class rather than through ^SECURITY
Thinking maybe something like this: ##Class(Security.Resources).ListAll(.result)
I know it is possible get the user using ##class(Security.Users).Get("username"), but I need to get a user by your email. How Can I get a user by email?
I am looking for the syntax or the way to use a class created in the "BNA" Namespace (my application) from the %SYS Namespace.
Here is the context:
I have a "BNA" application contained in the "BNA" NS, this application provides a user creation functionality. This feature creates both the user in a table in the application and in the Iris system.
I just tried to log into our QA server and connect to Terminal (v 2013.1).
I can type in my username but when I attempt to type my password, no characters are typed. When I press ENTER the password is invalid.
I can connect to the management portal and the studio development environment without any problems. Also, I do not have this problem when connecting to the terminal in our production environment (2010).
Does anyone know what can cause this type of problem?
I recently started work on trying to Tighten Security in our Development Instance of IRIS that is running based on recommendations from our Audit as you might of seen from my other posts. I am currently trying to get into the Private Web Gateway Manager within IRIS as CSPSystem, but when I attempt to sign in nothing happens.
I went through and reset the password in the CSP.ini and within IRIS for CSPSystem. I made sure it had the new GatewayRole per suggested
I would like to allow some departmental user to view the ensemble portal. I want to make sure they are not allowed to do any changes (like stop and start interfaces from portal)
I have created one userbut limited with SQL privilages. But using this account, the portal view is not accessible.
It would be appreciated if anyone can adice me on this. I know this may be a silly question.
How is the security handled in intersystems for GUI and web services testing part ? Does it have inbuilt security handling packages ? what are the limitations ? Please enlighten.
first thank you from heart and mind, mind and heart; for reading, thinking, reflecting, responding, and above all explaining a possible solution and/or documentation to address this doubt.
We would need a way to get inside a SOAP Web Service the SAML Assertion, and then, send it directly to the endpoint throught a SOAP Operation.
Currently we have researched and developed how to get the SAML Assertion with the following code:
By views
.png)
.png)