Predefined Resources
Predefined Resources
This section describes the predefined resources related to productions. The names of these resources all begin with the %Ens_ prefix.
-
The first subsection lists resources that protect a specific activity you can perform in InterSystems IRIS.
-
The second subsection lists code and data resources.
You can view the list of predefined resources on the System Administration > Security > Resources page of the Management Portal.
For an in-depth discussion of resources, see Assets and Resources.
Resources to Protect Activities Related to Productions
Resource | Description |
---|---|
%Ens_AlertAdministration | Grants access to managed alert administration |
%Ens_ConfigItemRun | Controls starting and stopping configuration items |
%Ens_DTLTest | Grants access to the data transformation testing utility |
%Ens_Dashboard | Grants access to the Production Monitor |
%Ens_Deploy | Grants access to deployment activities |
%Ens_DeploymentPkg | Controls the creation of deployment packages using the server |
%Ens_DeploymentPkgClient | Controls the creation and import of local deployment packages using the web browser |
%Ens_EventLog | Grants access to the Event Log |
%Ens_MessageContent | Grants access to the contents of messages |
%Ens_MessageDiscard | Controls discarding of queued and suspended messages |
%Ens_MessageEditResend | Grants access to edit and resend messages |
%Ens_MessageExport | Grants access to export messages |
%Ens_MessageHeader | Grants access to message header data |
%Ens_MessageResend | Grants access to resend messages |
%Ens_MessageSuspend | Controls the manual suspension of messages |
%Ens_MessageTrace | Grants access to message trace |
%Ens_MsgBank_Dashboard | Grants access to the Enterprise Monitor |
%Ens_MsgBank_EventLog | Grants access to the Message Bank Event Log |
%Ens_MsgBank_MessageContent | Grants access to the contents of messages in the Message Bank |
%Ens_MsgBank_MessageEditResend | Grants permission to edit and resend messages from the Message Bank |
%Ens_MsgBank_MessageHeader | Grants access to Message Bank header data |
%Ens_MsgBank_MessageResend | Grants permission to resend messages from the Message Bank |
%Ens_MsgBank_MessageTrace | Grants access to the Message Bank Visual Trace |
%Ens_Portal | Grants access to the Interoperability menus in the Management Portal
Note:
To access any of the Interoperability pages and functions in the Management Portal for a given namespace, a user must also have Read permission on the default global database resource for the namespace. |
%Ens_ProductionDocumentation | Controls the creation of production documentation |
%Ens_ProductionRun | Controls starting and stopping productions |
%Ens_Purge | Controls purging of production-related data |
%Ens_RuleLog | Grants access to the Rule Log |
%Ens_TestingService | Grants access to the business host testing service |
%Ens_ViewFileSystem | Grants access to the Finder Dialog, which enables users to browse the file system |
Resources to Protect Code and Data Related to Productions
Resource | Code/Data |
---|---|
%Ens_Agents | Grants access to the Agent Management page, which is applicable only to HealthShare |
%Ens_Alerts | Grants access to alert configuration and management |
%Ens_ArchiveManager | Grants access to the Archive Manager |
%Ens_BPL | Grants access to the Business Process Language (BPL) |
%Ens_BusinessRules | Grants access to business rules |
%Ens_Code | Grants access to all Interoperability classes and routines |
%Ens_Credentials | Grants access to production credentials |
%Ens_DTL | Grants access to the Data Transformation Language (DTL) |
%Ens_EDISchema | Grants access to EDI schemas |
%Ens_EDISchemaAnnotation | Grants access to the HL7 Annotation classes |
%Ens_ITK | Grants access to the Interoperability Toolkit, which is applicable only to HealthShare |
%Ens_JBH | Grants access to Java Business Hosts |
%Ens_Jobs | Grants access to job data |
%Ens_LookupTables | Grants access to lookup tables |
%Ens_MsgBank | Grants access to Message Bank status information |
%Ens_MsgBankConfig | Grants access to Message Bank configuration |
%Ens_PortSettingsReport | Grants access to the Port Authority Report, which details port usage across the system |
%Ens_ProductionConfig | Grants access to production configuration activities |
%Ens_PurgeSchedule | Grants access to scheduling of InterSystems IRIS purge tasks |
%Ens_PubSub | Grants access to the Publish & Subscribe (or PubSub) pages in the Management Portal |
%Ens_PurgeSettings | Grants access to the Purge Management Data page in the Management Portal and controls the default settings for manually purging production-related data |
%Ens_Queues | Grants access to queue data
Note:
If you want to perform an activity related to an active message you will also need access to job data which uses the %Ens_Jobs resource. |
%Ens_RestrictedUI_SystemDefaultSettings | Restricts a user to editing only the system default settings to which they have been given USE permission. For more information, see Security for System Default Settings. |
%Ens_RecordMap | Grants access to Interoperability record maps |
%Ens_RoutingRules | Grants access to routing rules |
%Ens_Rules | Grants access to all Interoperability rules |
%Ens_SettingsReportConfig | Grants access to the Setting Report Configuration page, which enables you to specify the namespace that stores data about port usage |
%Ens_SystemDefaultConfig | Grants access to system–wide default settings |
%Ens_SystemDefaultSettings_AllowedIPAddresses | Allows user to manage the AllowedIPAddresses system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings. |
%Ens_SystemDefaultSettings_IPAddress | Allows user to manage the IPAddress system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings. |
%Ens_SystemDefaultSettings_Port | Allows user to manage the Port system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings. |
%Ens_SystemDefaultSettings_Server | Allows user to manage the Server system default setting even when they are restricted from managing other system default settings. For more information, see Security for System Default Settings. |
%Ens_WorkflowConfig | Grants access to workflow roles and users |
In many cases, InterSystems IRIS Interoperability default behavior uses a less granular resource (like %Ens_Code) which protects multiple data sources including the data protected by a more specific resource (like %Ens_BPL). The predefined roles and privileges use the less granular resource, but you can choose alternative roles with more selective privileges.
Security for System Default Settings
Assigning USE permission to the %Ens_RestrictedUI_SystemDefaultSettings resource restricts a user from creating, editing, or deleting system default settings for Interoperability productions. This restriction applies only to managing system default settings in the Management Portal and does not prevent administrators from editing the global directly.
You can grant exceptions to this general restriction by assigning USE privileges to the %Ens_SystemDefaultSettings_setting resource, where setting is the case-sensitive name of a setting. The system includes predefined resources for four settings:
-
%Ens_SystemDefaultSettings_AllowedIPAddresses — Allows users to manage the AllowedIPAddresses setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_IPAddress — Allows users to manage the IPAddress setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_Port — Allows users to manage the Port setting from the Management Portal even when blocked from managing other system default settings.
-
%Ens_SystemDefaultSettings_Server — Allows users to manage the Server setting from the Management Portal even when blocked from managing other system default settings.
For more information about system default settings, see Defining System Default Settings. For instructions on creating resources, see Create or Edit a Resource.