Caché Programming Orientation Guide
Caché Security

This chapter provides an overview of Caché security, with emphasis on the topics most relevant to programmers who write or maintain Caché applications. It discusses the following topics:

Security is discussed in detail in the Caché Security Administration Guide.
Introduction
This section provides an introduction to security within Caché and for communications between Caché and external systems.
Security Elements Within Caché
Caché security provides a simple, unified security architecture that is based on the following elements:
Secure Communications to and From Caché
When communicating between Caché and external systems, you can use the following additional Caché tools:
Caché Applications
Almost all users interact with Caché using applications. For example, the Management Portal itself is a set of applications. Each application has its own security. There are three kinds of applications in Caché:
You can define, modify, and delete applications within the Management Portal (provided that you are logged in as a user with sufficient privileges). When you deploy your applications, however, you are more likely to define applications programmatically as part of installation; Caché provides ways to do so.
Caché Authorization Model
As a programmer, you are responsible for including the appropriate security checks within your code to make sure that a given user has permission to perform a given task. Therefore, it is necessary to become familiar with the Caché authorization model, which uses role-based access. Briefly, the terms are as follows:
Another important concept is role escalation. Sometimes it is necessary to temporarily add one or more new roles to a user (programmatically) so that the user can perform a normally disallowed task within a specific context. This is known as role escalation. After the user exits that context, you would remove the temporary roles; this is role de-escalation.
You define, modify, and delete resources, roles, and users within the Management Portal (provided that you are logged in as a user with sufficient privileges). When you deploy your applications, however, you are more likely to define resources, roles, and starter usernames programmatically, as part of installation; Caché provides ways to do so.
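The following added example (not code from the Caché documentation) shows a security check followed by scoped role escalation and de-escalation. The class `Demo.Orders`, the resource `OrderArchive`, the role `OrderArchiver`, and the global `^Demo.OrderArchive` are hypothetical names assumed to have been created at installation, and the code is assumed to run with enough privilege to modify `$ROLES`.

```objectscript
/// Hypothetical class for illustration only.
/// Assumes resource "OrderArchive" and role "OrderArchiver" already exist.
Class Demo.Orders Extends %RegisteredObject
{

/// Public entry point: authorize first, escalate second.
ClassMethod Archive(orderId As %String) As %Status
{
    // The check runs against the caller's own roles, BEFORE any escalation.
    // Checking after escalation would test the temporary role instead of the user.
    If '$SYSTEM.Security.Check("OrderArchive", "USE") {
        Quit $$$ERROR($$$GeneralError, "Not authorized to archive orders")
    }

    Set sc = $$$OK
    Try {
        // Escalation is confined to the helper's stack frame.
        Do ..ArchiveEscalated(orderId)
    } Catch ex {
        // An error inside the helper still unwinds its frame,
        // so the temporary role is gone by the time we get here.
        Set sc = ex.AsStatus()
    }
    // De-escalated: $ROLES is back to the value it had before the call.
    Quit sc
}

/// Private helper: the only code that runs with the extra role.
ClassMethod ArchiveEscalated(orderId As %String) [ Private ]
{
    // NEW saves the current role list; it is restored when this method exits.
    New $ROLES
    // Append the temporary role, keeping any roles already added.
    Set $ROLES = $ROLES _ ",OrderArchiver"

    // Work that the user's login roles alone would not permit (constructed example).
    Set ^Demo.OrderArchive(orderId) = $ZDATETIME($HOROLOG, 3)
}

}
```

Keeping the escalated work in its own small method limits how much code runs with the temporary role and makes the de-escalation point easy to audit.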