Default Privileges of the Predefined Roles
Default Privileges of the Predefined Roles
This section lists the default privileges that each role has for each resource.
-
The first subsection lists the role privileges for the activity resources.
-
The second subsection lists the role privileges for the code and data resources.
See Privileges and Permissions for an explanation of how you grant access to resources through role privileges.
Role Privileges for the Activity Resources
The following table lists the role privileges for the activity resources. Only the Use permission is required for access, use this permission on the underlying resource to determine access to data as well.
| Resource | %EnsRole _Administrator | %EnsRole _Developer* | %EnsRole _Monitor | %EnsRole _Operator |
|---|---|---|---|---|
| %Ens_ConfigItemRun | Use | Use | Use | |
| %Ens_DTLTest | Use | Use | ||
| %Ens_Dashboard | Use | Use | Use | Use |
| %Ens_Deploy | Use | |||
| %Ens_DeploymentPkg | Use | Use | ||
| %Ens_EventLog | Use | Use | Use | |
| %Ens_MessageContent | Use | Use | ||
| %Ens_MessageDiscard | Use | Use | ||
| %Ens_MessageEditResend | Use | Use | ||
| %Ens_MessageHeader | Use | Use | Use | |
| %Ens_MessageResend | Use | Use | Use | |
| %Ens_MessageSuspend | Use | Use | ||
| %Ens_MessageTrace | Use | Use | Use | |
| %Ens_MsgBank_Dashboard | Use | Use | Use | Use |
| %Ens_MsgBank_EventLog | Use | Use | Use | |
| %Ens_MsgBank_MessageContent | Use | Use | ||
| %Ens_MsgBank_MessageEditResend | Use | Use | ||
| %Ens_MsgBank_MessageHeader | Use | Use | Use | |
| %Ens_MsgBank_MessageResend | Use | Use | Use | |
| %Ens_MsgBank_MessageTrace | Use | Use | Use | |
| %Ens_Portal* | Use | Use | Use | Use |
| %Ens_ProductionDocumentation | Use | Use | ||
| %Ens_ProductionRun | Use | Use | Use | |
| %Ens_Purge | Use | Use | ||
| %Ens_RuleLog* | Use | Use | Use | |
| %Ens_TestingService | Use | Use | ||
| %Ens_ViewFileSystem | Use | Use |
Role Privileges for the Code and Data Resources
The following table lists the role privileges for the code and data resources. Read and Write permissions are distinct for the resource; your application code should use these two permissions to determine access to the underlying data.
For reasons of space, this table does not include the information on all roles. Additional roles are described after the table.
| Resource | %EnsRole _Administrator | %EnsRole _Developer | %EnsRole _Monitor | %EnsRole _Operator |
|---|---|---|---|---|
| %Ens_Alerts | Read, Write | Read, Write | Read | |
| %Ens_ArchiveManager | Read, Write | |||
| %Ens_BPL | ||||
| %Ens_BusinessRules | ||||
| %Ens_Code | Read | Read, Write | ||
| %Ens_Credentials | Read, Write | Read | Read | |
| %Ens_DTL | ||||
| %Ens_EDISchema | Read | Read, Write | ||
| %Ens_JBH | ||||
| %Ens_Jobs | Read, Write | Read, Write | Read | |
| %Ens_LookupTables | Read, Write | Read, Write | Read | |
| %Ens_MsgBank | Read, Write | Read | Read | |
| %Ens_MsgBankConfig | Read, Write | Read, Write | ||
| %Ens_ProductionConfig | Read, Write | Read, Write | Read | |
| %Ens_PurgeSchedule | Use | Read | Read | |
| %Ens_PurgeSettings | Read, Write | Read, Write | ||
| %Ens_Queues | Read, Write | Read, Write | Read | |
| %Ens_RecordMap | ||||
| %Ens_RoutingRules | ||||
| %Ens_Rules* | Read, Write | |||
| %Ens_SystemDefaultConfig | Read, Write | Read | Read | |
| %Ens_WorkflowConfig | Write | Read, Write | Read |
Additional roles have the following privileges
-
The %EnsRole_WebDeveloper role has the same privileges as %EnsRole_Developer, except for access to the %Ens_PurgeSettings resource.
-
The %EnsRole_RulesDeveloper role has only the following privileges:
-
%Ens_Portal:U
-
%Ens_RuleLog:U
-
%Ens_Rules:RW
-
Portal Page Privilege Requirements
Each Management Portal page has a default privilege requirement in the security framework shipped with InterSystems IRIS. You can view this requirement while in the columns view of the portal menu just beneath where you click Go to navigate to the page. You only see this information if you click next to the menu item name and not directly on the label.
For example, if you select Interoperability > Configure and then click to the right of Production on menu of the Management Portal, you see %Ens_ProductionConfig:READ listed under the System Resource(s) label. This means you must be a member of a role that has the Read permission on the %Ens_ProductionConfig resource to view the Production Configuration page.
Notice you may also assign custom resources to a portal page. See Use Custom Resources with the Management Portal.
