

Orientation Guide for Server-Side Programming
InterSystems IRIS Security


This chapter provides an overview of InterSystems security, with emphasis on the topics most relevant to programmers who write or maintain InterSystems IRIS applications. It discusses the following topics:
Security is discussed in detail in the Security Administration Guide.
Introduction
This section provides an introduction to security within InterSystems IRIS and for communications between InterSystems IRIS and external systems.
Security Elements Within InterSystems IRIS
InterSystems security provides a simple, unified security architecture that is based on the following elements:
Secure Communications to and From InterSystems IRIS
When communicating between InterSystems IRIS and external systems, you can use the following additional tools:
InterSystems IRIS Applications
Almost all users interact with InterSystems IRIS using applications. For example, the Management Portal itself is a set of applications. Each application has its own security. There are two common kinds of applications in InterSystems IRIS:
You can define, modify, and delete applications within the Management Portal (provided that you are logged in as a user with sufficient privileges). When you deploy your applications, however, you are more likely to define applications programmatically as part of installation; InterSystems IRIS provides ways to do so.
InterSystems Authorization Model
As a programmer, you are responsible for including the appropriate security checks within your code to make sure that a given user has permission to perform a given task. Therefore, it is necessary to become familiar with the InterSystems authorization model, which uses role-based access. Briefly, the terms are as follows:
Another important concept is role escalation. Sometimes it is necessary to temporarily add one or more new roles to a user (programmatically) so that the user can perform a normally disallowed task within a specific context. This is known as role escalation. After the user exits that context, you would remove the temporary roles; this is role de-escalation.
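The following sketch shows an in-code authorization check followed by role escalation and de-escalation. It is an added example, not code from the InterSystems documentation. The class `Demo.Payroll`, the resource `PayrollAdjust`, the role `PayrollWriter`, and the global `^DemoPayrollAdj` are hypothetical, and the example assumes the process is permitted to modify `$ROLES`.

```objectscript
/// Added example; class, resource, role and global names are hypothetical.
Class Demo.Payroll Extends %RegisteredObject
{

/// Performs a normally disallowed task on behalf of a caller who holds
/// USE permission on the hypothetical application resource PayrollAdjust.
ClassMethod ApplyAdjustment(employeeId As %Integer, amount As %Numeric) As %Status
{
    // 1. Authorization check in application code: refuse early if the
    //    current user lacks the required permission on the resource.
    if '$SYSTEM.Security.Check("PayrollAdjust", "USE") {
        return $$$ERROR($$$GeneralError, "Not authorized: PayrollAdjust:USE required")
    }

    // 2. Role escalation: NEW $ROLES stacks the current role list, so the
    //    role added below lasts only until this method exits.
    new $ROLES
    set $ROLES = $ROLES _ ",PayrollWriter"

    set sc = $$$OK
    try {
        // 3. The privileged work, kept as small as possible and recording
        //    who requested it.
        set seq = $increment(^DemoPayrollAdj(employeeId))
        set ^DemoPayrollAdj(employeeId, seq) = $listbuild(amount, $USERNAME, $horolog)
    } catch ex {
        // Errors are returned as a status; the roles are still restored.
        set sc = ex.AsStatus()
    }

    // 4. Role de-escalation: returning pops the NEW $ROLES frame, which
    //    restores the role list the caller had on entry.
    return sc
}

}
```

Because the temporary role is scoped with `NEW $ROLES`, it is dropped on every exit path, so a caller never keeps the elevated role after the method returns.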
You define, modify, and delete resources, roles, and users within the Management Portal (provided that you are logged in as a user with sufficient privileges). When you deploy your applications, however, you are more likely to define resources, roles, and starter usernames programmatically, as part of installation; InterSystems IRIS provides ways to do so.