Predefined Resources

This section describes the predefined resources related to productions. The names of these resources all begin with the %Ens_ prefix.

The first subsection lists resources that protect a specific activity you can perform in InterSystems IRIS.
The second subsection lists code and data resources.

You can view the list of predefined resources on the System Administration > Security > Resources page of the Management Portal.

For an in-depth discussion of resources, see Assets and Resources.

Resources to Protect Activities Related to Productions

Resource	Description
%Ens_AlertAdministration	Grants access to managed alert administration
%Ens_ConfigItemRun	Controls starting and stopping configuration items
%Ens_DTLTest	Grants access to the data transformation testing utility
%Ens_Dashboard	Grants access to the Production Monitor
%Ens_Deploy	Grants access to deployment activities
%Ens_DeploymentPkg	Controls the creation of deployment packages using the server
%Ens_DeploymentPkgClient	Controls the creation and import of local deployment packages using the web browser
%Ens_EventLog	Grants access to the Event Log
%Ens_MessageContent	Grants access to the contents of messages
%Ens_MessageDiscard	Controls discarding of queued and suspended messages
%Ens_MessageEditResend	Grants access to edit and resend messages
%Ens_MessageExport	Grants access to export messages
%Ens_MessageHeader	Grants access to message header data
%Ens_MessageResend	Grants access to resend messages
%Ens_MessageSuspend	Controls the manual suspension of messages
%Ens_MessageTrace	Grants access to message trace
%Ens_MsgBank_Dashboard	Grants access to the Enterprise Monitor
%Ens_MsgBank_EventLog	Grants access to the Message Bank Event Log
%Ens_MsgBank_MessageContent	Grants access to the contents of messages in the Message Bank
%Ens_MsgBank_MessageEditResend	Grants permission to edit and resend messages from the Message Bank
%Ens_MsgBank_MessageHeader	Grants access to Message Bank header data
%Ens_MsgBank_MessageResend	Grants permission to resend messages from the Message Bank
%Ens_MsgBank_MessageTrace	Grants access to the Message Bank Visual Trace
%Ens_Portal	Grants access to the Interoperability menus in the Management Portal Note: To access any of the Interoperability pages and functions in the Management Portal for a given namespace, a user must also have Read permission on the default global database resource for the namespace.
%Ens_ProductionDocumentation	Controls the creation of production documentation
%Ens_ProductionRun	Controls starting and stopping productions
%Ens_Purge	Controls purging of production-related data
%Ens_RuleLog	Grants access to the Rule Log
%Ens_TestingService	Grants access to the business host testing service
%Ens_ViewFileSystem	Grants access to the Finder Dialog, which enables users to browse the file system

Resources to Protect Code and Data Related to Productions

Resource	Code/Data
%Ens_Agents	Grants access to the Agent Management page, which is applicable only to HealthShare
%Ens_Alerts	Grants access to alert configuration and management
%Ens_ArchiveManager	Grants access to the Archive Manager
%Ens_BPL	Grants access to the Business Process Language (BPL)
%Ens_BusinessRules	Grants access to business rules
%Ens_Code	Grants access to all Interoperability classes and routines
%Ens_Credentials	Grants access to production credentials
%Ens_DTL	Grants access to the Data Transformation Language (DTL)
%Ens_EDISchema	Grants access to EDI schemas
%Ens_EDISchemaAnnotation	Grants access to the HL7 Annotation classes
%Ens_ITK	Grants access to the Interoperability Toolkit, which is applicable only to HealthShare
%Ens_JBH	Grants access to Java Business Hosts
%Ens_Jobs	Grants access to job data
%Ens_LookupTables	Grants access to lookup tables
%Ens_MsgBank	Grants access to Message Bank status information
%Ens_MsgBankConfig	Grants access to Message Bank configuration
%Ens_PortSettingsReport	Grants access to the Port Authority Report, which details port usage across the system
%Ens_ProductionConfig	Grants access to production configuration activities
%Ens_PurgeSchedule	Grants access to scheduling of InterSystems IRIS purge tasks
%Ens_PubSub	Grants access to the Publish & Subscribe (or PubSub) pages in the Management Portal
%Ens_PurgeSettings	Grants access to the Purge Management Data page in the Management Portal and controls the default settings for manually purging production-related data
%Ens_Queues	Grants access to queue data Note: If you want to perform an activity related to an active message you will also need access to job data which uses the %Ens_Jobs resource.
%Ens_RestrictedUI_SystemDefaultSettings	Restricts a user to editing only the system default settings to which they have been given USE permission. For more information, see Security for System Default Settings.
%Ens_RecordMap	Grants access to Interoperability record maps
%Ens_RoutingRules	Grants access to routing rules
%Ens_Rules	Grants access to all Interoperability rules
%Ens_SettingsReportConfig	Grants access to the Setting Report Configuration page, which enables you to specify the namespace that stores data about port usage
%Ens_SystemDefaultConfig	Grants access to system–wide default settings
%Ens_SystemDefaultSettings_AllowedIPAddresses	Allows user to manage the AllowedIPAddresses system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
%Ens_SystemDefaultSettings_IPAddress	Allows user to manage the IPAddress system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
%Ens_SystemDefaultSettings_Port	Allows user to manage the Port system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
%Ens_SystemDefaultSettings_Server	Allows user to manage the Server system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
%Ens_WorkflowConfig	Grants access to workflow roles and users

Note:

In many cases, InterSystems IRIS Interoperability default behavior uses a less granular resource (like %Ens_Code) which protects multiple data sources including the data protected by a more specific resource (like %Ens_BPL). The predefined roles and privileges use the less granular resource, but you can choose alternative roles with more selective privileges.

Security for System Default Settings

Assigning USE permission to the %Ens_RestrictedUI_SystemDefaultSettings resource restricts a user from creating, editing, or deleting system default settings for Interoperability productions. This restriction applies only to managing system default settings in the Management Portal and does not prevent administrators from editing the global directly.

You can grant exceptions to this general restriction by assigning USE privileges to the %Ens_SystemDefaultSettings_setting resource, where setting is the case-sensitive name of a setting. The system includes predefined resources for four settings:

%Ens_SystemDefaultSettings_AllowedIPAddresses — Allows users to manage the AllowedIPAddresses setting from the Management Portal even when blocked from managing other system default settings.
%Ens_SystemDefaultSettings_IPAddress — Allows users to manage the IPAddress setting from the Management Portal even when blocked from managing other system default settings.
%Ens_SystemDefaultSettings_Port — Allows users to manage the Port setting from the Management Portal even when blocked from managing other system default settings.
%Ens_SystemDefaultSettings_Server — Allows users to manage the Server setting from the Management Portal even when blocked from managing other system default settings.

For more information about system default settings, see Defining System Default Settings. For instructions on creating resources, see Create or Edit a Resource.

Predefined Roles Related to Productions

Introduction