Security Administration Guide
- About This Book
- About InterSystems Security
- Authentication: Establishing Identity
- Authorization: Controlling User Access
- Auditing: Knowing What Happened
- Managed Key Encryption: Protecting Data on Disk
- Managing Security with the Management Portal
- Notes on Technology, Policy, and Action
- Authentication
- Authentication Basics
- About the Different Authentication Mechanisms
- About the Different Access Modes
- Configuring Kerberos Authentication
- Configuring Operating-System–Based Authentication
- Configuring Instance Authentication
- Configuring Two-Factor Authentication
- Other Topics
- Assets and Resources
- Authorization, Assets, and Resources
- System Resources
- Database Resources
- Application Resources
- Creating or Editing a Resource
- Using Custom Resources with the Management Portal
- Privileges and Permissions
- How Privileges Work
- Public Permissions
- Checking Privileges
- Using Methods with Built-In Privilege Checks
- When Changes in Privileges Take Effect
- Roles
- About Roles
- Roles, Users, Members, and Assignments
- Creating Roles
- Managing Roles
- Predefined Roles
- Login Roles and Added Roles
- Programmatically Managing Roles
- Users
- Properties of Users
- Creating and Editing Users
- Viewing and Managing Existing Users
- Predefined User Accounts
- Validating User Accounts
- Services
- Applications
- Applications, Their Properties, and Their Privileges
- Application Types
- Creating and Editing Applications
- Built-In Applications
- Auditing
- Basic Auditing Concepts
- Elements of an Audit Event
- About System Audit Events
- Managing User-Defined Audit Events
- Enabling or Disabling an Audit Event
- Managing Auditing and the Audit Database
- Other Auditing Issues
- Managed Key Encryption
- About Managed Key Encryption
- Key Management Tasks
- Using Encrypted Databases
- Using Data-Element Encryption
- Protecting against Data Loss and Handling Emergency Situations
- Other Information
- SQL Security
- System Management and Security
- System Security Settings Page
- System-Wide Security Parameters
- Authentication Options
- The Secure Debug Shell
- Password Strength and Password Policies
- Protecting InterSystems IRIS Configuration Information
- Managing InterSystems IRIS Security Domains
- Security Advisor
- Effect of Changes
- Emergency Access
- Using TLS with InterSystems IRIS
- About InterSystems IRIS Support for TLS
- About TLS
- About Configurations
- Configuring the InterSystems IRIS Superserver to Use TLS
- Configuring InterSystems IRIS Telnet to Use TLS
- Configuring Java Clients to Use TLS with InterSystems IRIS
- Configuring .NET Clients to Use TLS with InterSystems IRIS
- Configuring Studio to Use TLS with InterSystems IRIS
- Connecting from a Windows Client Using a Settings File
- Configuring InterSystems IRIS to Use TLS with Mirroring
- Configuring InterSystems IRIS to Use TLS with TCP Devices
- Configuring the Web Gateway to Connect to InterSystems IRIS Using TLS
- Establishing the Required Certificate Chain
- The InterSystems Public Key Infrastructure
- About the InterSystems Public Key Infrastructure (PKI)
- Certificate Authority Server Tasks
- Certificate Authority Client Tasks
- Using Delegated Authentication
- Overview of Delegated Authentication
- Creating Delegated (User-Defined) Authentication Code
- Setting Up Delegated Authentication
- After Delegated Authentication Succeeds
- Using LDAP
- Overview of Using LDAP with InterSystems IRIS®
- Configuring LDAP Authentication for InterSystems IRIS
- Configuring LDAP Authorization for InterSystems IRIS
- Other LDAP Topics
- Using Delegated Authorization
- Overview of Delegated Authorization
- Creating Delegated (User-defined) Authorization Code
- Configuring an Instance to Use Delegated Authorization
- After Authorization — The State of the System
- Tightening Security for an Instance
- Enabling Auditing
- Changing the Authentication Mechanism for an Application
- Limiting the Number of Public Resources
- Restricting Access to Services
- Limiting the Number of Privileged Users
- Disabling the _SYSTEM User
- Restricting Access for UnknownUser
- Configuring Third-Party Software
- Performing Encryption Management Operations
- About Encryption Management Operations
- Converting an Unencrypted Database to be Encrypted
- Converting an Encrypted Database to be Unencrypted
- Converting an Encrypted Database to Use a New Key
- Relevant Cryptographic Standards and RFCs
- About PKI (Public Key Infrastructure)
- The Underlying Need
- About Public-Key Cryptography
- Authentication, Certificates, and Certificate Authorities
- How the CA Creates a Certificate
- Limitations on Certificates: Expiration and Revocation
- Recapping PKI Functionality
- Using Character-based Security Management Routines