Predefined Resources
Predefined Resources
This section describes the predefined resources related to productions. The names of these resources all begin with the %Ens_ prefix.
-
The first subsection lists resources that protect a specific activity you can perform in InterSystems IRIS.
-
The second subsection lists code and data resources.
You can view the list of predefined resources on the System Administration > Security > Resources page of the Management Portal.
For an in-depth discussion of resources, see Assets and Resources.
Resources to Protect Activities Related to Productions
Controls access to managed alert administration.
Controls starting and stopping configuration items.
Controls access to the data transformation testing utility.
Controls access to the Production Monitor.
Controls access to deployment activities.
Controls the creation of deployment packages using the server.
Controls the creation and import of local deployment packages using the browser.
Controls access to the Event Log.
Controls access to the contents of messages.
Controls discarding of queued and suspended messages.
Controls access to edit and resend messages.
Controls access to export messages.
Controls access to message header data.
Controls access to resend messages.
Controls the manual suspension of messages.
Controls access to message trace.
Controls access to the Enterprise Monitor.
Controls access to the Message Bank Event Log.
Controls access to the contents of messages in the Message Bank.
Grants permission to edit and resend messages from the Message Bank.
Controls access to Message Bank header data.
Grants permission to resend messages from the Message Bank.
Controls access to the Message Bank Visual Trace.
Controls access to the Interoperability menus in the Management Portal.
To access any of the Interoperability pages and functions in the Management Portal for a given namespace, a user must also have Read permission on the default global database resource for the namespace.
Controls the creation of production documentation.
Controls starting and stopping productions.
Controls purging of production-related data.
Controls access to the Rule Log.
Controls access to the business host testing service.
Controls access to the Finder Dialog, which enables users to browse the file system.
Resources to Protect Code and Data Related to Productions
Controls access to the Agent Management page, which is applicable only to HealthShare.
Controls access to alert configuration and management.
Controls access to the Archive Manager.
Controls access to the Business Process Language (BPL).
Controls access to business rules.
Controls access to all Interoperability classes and routines.
Controls access to production credentials.
Controls access to the Data Transformation Language (DTL).
Controls access to EDI schemas.
Controls access to the HL7 Annotation classes.
Controls access to the Interoperability Toolkit, which is applicable only to HealthShare.
Controls access to Java Business Hosts.
Controls access to job data.
Controls access to lookup tables.
Controls access to Message Bank status information
Controls access to Message Bank configuration.
Controls access to the Port Authority Report, which details port usage across the system.
Controls access to production configuration activities.
Controls access to scheduling of InterSystems IRIS purge tasks.
Controls access to the Publish & Subscribe (or PubSub) pages in the Management Portal.
Controls access to the Purge Management Data page in the Management Portal and controls the default settings for manually purging production-related data.
Controls access to queue data.
If you want to perform an activity related to an active message you will also need access to job data which uses the %Ens_Jobs resource.
Restricts a user to editing only the system default settings to which they have been given USE permission. For more information, see Security for System Default Settings.
Controls access to interoperability record maps.
Controls access to routing rules.
Controls access to all interoperability rules.
Controls access to the Setting Report Configuration page, which enables you to specify the namespace that stores data about port usage.
Controls access to system–wide default settings.
Allows user to manage the AllowedIPAddresses system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
Allows user to manage the IPAddress system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
Allows user to manage the LogGeneralTraceEvents system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
Allows user to manage the LogTraceEvents system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
Allows user to manage the Port system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
Allows user to manage the Schedule system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
Allows user to manage the Server system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings.
Controls access to workflow roles and users.
In many cases, the default behavior uses a less granular resource (like %Ens_Code) which protects multiple data sources including the data protected by a more specific resource (like %Ens_BPL). The predefined roles and privileges use the less granular resource, but you can choose alternative roles with more selective privileges.
Security for System Default Settings
Assigning USE permission to the %Ens_RestrictedUI_SystemDefaultSettings resource restricts a user from creating, editing, or deleting system default settings for Interoperability productions. This restriction applies only to managing system default settings in the Management Portal and does not prevent administrators from editing the global directly.
You can grant exceptions to this general restriction by assigning USE privileges to the %Ens_SystemDefaultSettings_setting resource, where setting is the case-sensitive name of a setting. The system includes predefined resources as follows:
-
%Ens_SystemDefaultSettings_AllowedIPAddresses — Allows users to manage the AllowedIPAddresses setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_IPAddress — Allows users to manage the IPAddress setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_LogGeneralTraceEvents — Allows users to manage the LogGeneralTraceEvents setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_LogTraceEvents — Allows users to manage the LogTraceEvents setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_Port — Allows users to manage the Port setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_Schedule — Allows users to manage the Schedule setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_Server — Allows users to manage the Server setting from the Management Portal even when blocked from managing other system default settings.
For more information about system default settings, see Defining System Default Settings. For instructions on creating resources, see Create or Edit a Resource.
