ZSU (ObjectScript)
Synopsis
ZSU:pc role
Arguments
Argument | Description |
---|---|
pc | Optional — A postconditional expression |
role | Optional — A quoted string, the role to escalate to. |
Description
ZSU role temporarily replaces your $ROLES with the specified escalation role. This command is equivalent to %SYSTEM.Security.EscalateLogin()Opens in a new tab.
If the user’s new role does not have permission to access the current namespace, the user is prompted to switch to a different namespace after escalation.
By default, running this command requires you to reauthenticate both when attempting to escalate and after a certain period of inactivity after escalation. For details on configuring the frequency of reauthentication, see Configuring Escalation Roles.
Arguments
pc
Optional — An optional postconditional expression. InterSystems IRIS executes the command if the postconditional expression is true (evaluates to a nonzero numeric value). InterSystems IRIS does not execute the command if the postconditional expression is false (evaluates to zero). For further details, refer to Command Postconditional Expressions.
role
Optional — The role to escalate to. If unspecified, the behavior of ZSU depends on how many escalation roles the user has:
-
If the user does not have any escalation roles, ZSU returns an error.
-
If the user only has one escalation role, ZSU automatically selects that role.
-
If the user has more than one escalation role, ZSU prompts the user to choose a role.
Examples
In the following example, the user Alice escalates to the role %Manager and then exits role escalation with quit:
USER>zsu "%Manager"
Escalated Login for User: Alice (Role: %Manager)
Password: **********
USER (%Manager)# quit
Later, Alice escalates to the role %Operator, which does not have permission to access the USER namespace. After escalation, Alice switches to the %SYS namespace:
USER>zsu "%Operator"
Escalated Login for User: Alice (Role: %Operator)
Password: **********
No access to current namespace: USER
Namespace: %SYS
You're in namespace %SYS
Default directory is c:\intersystems\iris\mgr\
%SYS (%Operator)#
See Also
-
$ROLES special variable