Users

Syndicate content 4 

I've seen a few password change posts, but I wasn't 100% sure it was the same process, so I am asking here. We periodically have to change the passwords for a few Cache user accounts across several servers. Is there a process/script to change these passwords without having to go into the web portal on each server?  Thanks so much, and I apologize if this was covered in some of the other articles that I've run across. Just looking for the best method.

Last answer 5 days ago Last comment 4 days ago
0 2
47

views

0

rating

Hello.

I want to grant access only to the Message Viewer page to an specific user, in all Namespaces. I have created a rol with this privileges:

%Ens_MessageContent
%Ens_MessageHeader
%Ens_MessageTrace
%Ens_Portal

But if I want to see the list of messages, I have to grant SELECT access to the Ens.MessageHeader and Ens.MessageBody tables of each Namespace.

Is there anyway to grant access to this tables in all Namespaces at a time, even if new ones are created?

Thank you in advance.

0 0
0

answers

0

comments

65

views

0

rating

Hi,

We have Mirroring established between NODE 1 & Node 2 . We have set the "cachesys" database enabled for Journalling. But we dont see the User Accounts , Roles, Resources created on Node 1 ( favoured Primary) reflected on Node 2 . Is creating them manually again is the only option for this ? . Is there any way to sync them or would adding %SYS to MIRROR a possible solution. Would it be great if anyone has faced this as we have an issue that during failovers Team is locked out . 

Best Regards,

Arun Madhan

Last answer 19 October 2018 Last comment 22 October 2018
1 6
181

views

+ 1

rating

Do you want to simplify your user management by using Windows domain accounts? When you add LDAP integration to your system, you can: 

  • Use the same logins on all your instances 
  • Manage the user accounts centrally 
  • Stop worrying about synchronizing accounts between systems 

In Active Directory Integration with LDAP, a live webinar (June 21, 11:00 a.m. EDT) Katherine Reid, Senior Support Specialist at InterSystems, will discuss the main options for integrating your user accounts with your domain, including delegated authentication and LDAP authentication. 

Katherine will also walk through how you might set this up on your own system. After the webinar, you can practice what you've learned using a lab from InterSystems Documentation

Last comment 29 August 2018
1 4
286

views

0

rating

Hi,

I have a problem with CSP Application Authentication, when the user input you correct password, however the message "Invalid password" returns.

This error returns just Cache password user type, for user delegated don't.

this error is momentary also, if you wait a moment, it stops.

Last comment 20 July 2018
0 2
0

answers

191

views

0

rating

Hello; we have users on the system with cache logins.  They have access to a specific namespace, and no access to %SYS of course.  I'd like to give each user the ability to change his own password from within our application, using Security.User.PasswordExternal.  This only exists in the %SYS namespace, and the average user can't get to it.  

 

Should I give the users access to this column in this table (column Password, table Security.Users)?  What about access to the namespace?  Is this possible? Has anyone done this before?

 

Thanks,

Laura

Last answer 17 March 2017 Last comment 24 May 2018
0 4
269

views

0

rating

I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.

Thanks

Scott Roth

Last answer 12 February 2018
0 2
0

comments

199

views

0

rating

In part 1part 2, and part 3 parts of this series we set up three user types. In part 4 we saw how to secure model elements and DeepSee items. In this last part of the tutorial we conclude with some remarks on DeepSee security and troubleshooting tips. In particular, we see how pivot tables in User Portal can be "hidden".

0 1
0

comments

128

views

+ 1

rating

Hi I've created a word macro in order to convert doc to txt via the command line, this works fine via the command line by myself or another user but when I try as an the intersystems user which runs under  LocalSystem it doesn't work. 

So can I change the user, or set the $ZF to run as a different user?

Or do I have to try another way to convert doc to txt - it's looking like libreOffice?

I just wanted to stick with word because I could be guaranteed on the result being accurate.

Thanks

Regards

Richard

Last answer 25 April 2017 Last comment 7 November 2017
0 5
393

views

0

rating

Hi All -

Our environment has multiple instances of HealthShare installed and most are on separate VMs/servers. Does anyone have any ideas on how to efficiently manage user accounts across all of these multiple instances of HealthShare? As you can imagine, creating 10 separate Cache accounts on each instance during onboarding of new associates is cumbersome and tedious as is disabling them. We have yet to integrate with AD but we do have a Cyberark initiative under way but it is in the very early stages.

 

Additionally - I would eventually like to do some reporting based off of specific roles within HealthShare/Ensemble/Cache. Example:

Filtering user accounts for our entire system for accounts that have %All

Last answer 10 May 2017
0 1
0

comments

331

views

0

rating

I have multiple namespaces in a Cache environment say NS1 & NS2. I want to add some restriction so that  a routine running in the NS1 should not access any resource(global/routine) belongs to namespace NS2.

The above restriction need for few of the clients only, so we do not want to write any custom logic in code. 

We are looking for some solution provided by Cache where we can restrict the namespace access.

Can somebody please help me on this.

Last answer 31 March 2017
0 0
0

comments

121

views

0

rating

Hello,

 

I have a problem with an Ensemble instance on Windows to access to a network shared directory. Ensemble service (services.msc) is executed with a user which has access to this network shared directory :

 - When I try to copy or access files from a terminal ==> this is OK : the command w ##class(%SYS.ProcessQuery).%OpenId($Job).OSUserName returns the user defined in Ensemble service logon screen.

 - When I try to copy or access files from a service, process or operation item of the running Production ==> this is KO and the command ##class(%SYS.ProcessQuery).%OpenId($Job).OSUserName returns a OS user called _Ensemble.

 

What is this _Ensemble user (it doesn't exist on the server) ?

Do I have to create a new user named _Ensemble ?

Why processes started by the Production doesn't use the user which starts the instance (defined in services.msc)

Last answer 29 March 2017 Last comment 30 March 2017
0 0
340

views

0

rating

Hi -

I know that when specifying Caché password rules (i.e. what constitutes a valid password definition) that the "Pattern Matching" logic is what is getting leveraged under the covers to enforce the "A Password Must conform to X" rule. I was hoping that people could share some more sophisticated pattern matching rules. (in particular, I was wondering what a rule that would require non-repeating mixture of letter, numbers, & punctuation of an overall minimal size)

Last answer 24 November 2016 Last comment 28 November 2016
0 3
247

views

+ 1

rating

Hello community!

I am trying to set up Startup Tag^Routine field for the UnknownUser as follows:

And my simple routine is the next:

Calling do ZitRoStart^ZitRo in the terminal prints "Hello", but when opening Caché Terminal it results with the next:

And the terminal closes.

// Cache for Windows (x86-64) 2016.2 (Build 636U) Wed Apr 13 2016 20:58:35 EDT

What am I doing wrong in setup?

Thank you very much!

Last answer 4 November 2016 Last comment 2 November 2016
0 2
295

views

+ 2

rating

I'm VERY novice on all things "OpenAM", and beyond knowing that Caché supports working with OpenAM, I have nothing else to go on.

The documentation doesn't seem to be very deep on the nature of how this works beyond a single paragraph saying it's supported for Single Sign On (SSO).

For Caché to use this, I get that there is an environment variable (REMOTE_USER) which is set to "something", but it's not clear to me how this ends up mapping to a provisioned caché user (or LDAP provisioned user for that matter) and ultimately to the %Roles in effect and subsequent system access.

Can someone please enlighten me with a few more details of how this works?

Thanks

0 1
0

answers

0

comments

137

views

0

rating