When you first start working with InterSystems IRIS, it’s a common practice to install a system with only a minimum level of security. You have to enter passwords fewer times and this makes it easier to work with development services and web applications when you're first getting acquainted. And, sometimes, minimal security is more convenient for deploying a developed project or solution.
And yet there comes a moment when you need to move your project out of development, into an Internet environment that’s very likely hostile, and it needs to be tested with the maximum security settings (that is, completely locked down) before being deployed to production. And that’s what we’ll discuss in this article.
For more complete coverage of DBMS security issues in InterSystems Caché, Ensemble, and IRIS, you may want to read my other article, Recommendations on installing the InterSystems Caché DBMS for a production environment.
The security system in InterSystems IRIS is based on the concept of applying different security settings for different categories: users, roles, services, resources, privileges, and applications.

Users can be assigned roles. Users and roles can have privileges on resources — databases, services, and applications — with varying read, write, and use rights. Users and roles can also have SQL privileges on the SQL tables located in databases.

InterSystems FAQ rubric

Here, we will introduce a sample code for registering and referencing task schedules.

①Sample of task schedule registration

*Create a task to execute do ^TEST every day at 1:00 am.

When you install an IRIS or Caché instance on Windows Server, you'll usually need to install it under a specific user account that has network access permissions. This is very handy when you needs to access network resources for creating files or directly accessing printers.

TL;DR: see key takeaways at the bottom!

Some third party backup products may by default restore CACHE.DAT files as UNIX sparse files when there are trailing zeroes in the backup file.

The support for sparse files vary from UNIX distribution and file system types. Sparse files attempt to use file system space more efficiently when blocks allocated to the file are mostly empty similar to thin-provisioned storage. The file system transparently converts metadata representing empty blocks into "real" blocks filled with zero bytes at runtime. The application is suppose to be unaware of this conversion.

Introduction

Like hardware hosts, virtual hosts in public and private clouds can develop resource bottlenecks as workloads increase. If you are using and managing InterSystems IRIS instances deployed in public or private clouds, you may have encountered a situation in which addressing performance or other issues requires increasing the capacity of an instance's host (that is, vertically scaling).

The goal of this writing was to illustrate how to restore backup before the patch would be applied. The alert notes that:

The risk can be avoided by applying journals from the beginning of the journal file that was switched to at the start of the backup, rather than accepting the default of starting from the journal marker position.

Having non-patched Caché 2015.1.4, I ran sample database backup and restore just to get where I should answer "No". Collecting journal info from the backup log:

InterSystems FAQ rubric

If the system does not stop for 24 hours, old journal files will be deleted at 0:30 according to the "Journal file deletion settings".

A possible cause of journal files remaining that are older than the "Journal file deletion settings" is that there are transactions that remain open.

In that case, you will be able to delete the journal file by searching for processes executing transactions and finalizing the transactions.

InterSystems FAQ rubric

Temporary globals stored in the IRISTEMP/CACHETEMP databases are used when a process does not need to store data indefinitely, but requires the powerful performance of globals. The IRISTEMP/CACHETEMP databases are not journaled, so using temporary globals does not create journal files.

The system uses the IRISTEMP/CACHETEMP databases for temporary storage and are available to users for the same.

We are back to %SYS once again! Since we covered managing users and resources in the last two articles, we can finally move on to roles. As you may have guessed, there are a lot of methods of managing them that you have already seen in our previous writings.

I'm pleased to see this in the documentation of the just-published 2017.1 Field Test of Ensemble:

"In certain circumstances, it is useful to create namespaces that are not enabled for Ensemble. In this release you can do this by clearing the Make this an Ensemble namespace checkbox when creating a new namespace. "

InterSystems FAQ rubric

On Linux, use the iris command to execute a routine or method from a shell and get the return value.

For more information, please refer to the document "About Instance Connections".

An example of a command is as follows.

Framing refers to the characters that mark the start and end of an HL7 message (or other types of framed messages). Most HL7 services and operations have a Framing setting that allows the user to define this framing. The most common choices are available as defaults, but with the AsciiMM/NN setting, components can be configured to recognize any framing characters.

From the first glance, the task of configuring LDAP authentication in Caché is not hard at all – the manual describes this process in just 6 paragraphs. On the other hand, if the LDAP server uses Microsoft Active Directory, there a few non-evident things that need to be configured on the LDAP server side. Those who don’t do anything like that on a regular basis may get lost in Caché settings. In this article, we will describe the step-by-step process of setting up LDAP authentication and cover the diagnostic methods that can be used if something doesn’t work as expected.