User bio
Graduated in Software Engineering and Information Security.
I work as a Caché developer and currently as a Caché/IRIS Database Administrator, managing and automating multiple instances in the Cloud Environment.
My areas of interest are Security, Performance Database and Linux Environment.
Member since Dec 5, 2018
Posts:
Replies:
You may find more information in this legacy documentation:
https://docs.intersystems.com/latest/csp/docbook/Doc.View.cls?KEY=GDOC_legacy
Hi Philip,
Another way is to use the ##class(Backup.General).IsWDSuspendedExt() routine.
According to the documentation:
"When called in an external script, exit status is set to 5 if WD is suspended or 3 otherwise."
Example:
irisowner:~$ iris terminal IRIS -U%SYS "##class(Backup.General).ExternalFreeze()"
irisowner:~$ iris terminal IRIS -U%SYS "##class(Backup.General).IsWDSuspendedExt()"
irisowner:~$ echo $?
5
irisowner:~$ iris terminal IRIS -U%SYS "##class(Backup.General).ExternalThaw()"
irisowner:~$ iris terminal IRIS -U%SYS "##class(Backup.General).IsWDSuspendedExt()"
irisowner:~$ echo $?
3
Certifications & Credly badges:


Global Masters badges:
Lucas has no Global Masters badges yet.
Followers:
Following:
If the access is via SQL (INSERT, UPDATE), it is possible.
You can create a role with RW access to the database resource and grant INSERT privileges without the SELECT privilege.
If the access is via Global (SET), it is not so simple. Because you need to grant RW permission to the Database Resource and, consequently, the user will be able to read the data from the global resource.
For example, you create the logs_w role and grant it to the user
If the user tries to execute a SELECT they will receive an error
If the user tries to execute an INSERT, it will succeed.
But this permission is not valid for globals, the user will be able to read
In this case you can follow other strategies, such as Applications and Privilege Escalation. Here you isolate the database and the user does not have default access when logging in. Access is granted temporarily when executing a method/routine. A simple example:
In a database to which the user has default access, create a method that receives temporary privileges to write to the protected database
Create a Privileged Routine Applications for this method
The user does not have access to the LOGS database, but can execute the write method with temporary privileges.