Skip to main content

ZSU (ObjectScript)

Temporarily switches to a specified escalation role.

Synopsis

ZSU:pc role

Arguments

Argument Description
pc Optional — A postconditional expression
role Optional — A quoted string, the role to escalate to.

Description

ZSU role temporarily replaces your $ROLES with the specified escalation role. This command is equivalent to %SYSTEM.Security.EscalateLogin()Opens in a new tab.

If the user’s new role does not have permission to access the current namespace, the user is prompted to switch to a different namespace after escalation.

By default, running this command requires you to reauthenticate both when attempting to escalate and after a certain period of inactivity after escalation. For details on configuring the frequency of reauthentication, see Configuring Escalation Roles.

Arguments

pc

Optional — An optional postconditional expression. InterSystems IRIS executes the command if the postconditional expression is true (evaluates to a nonzero numeric value). InterSystems IRIS does not execute the command if the postconditional expression is false (evaluates to zero). For further details, refer to Command Postconditional Expressions.

role

Optional — The role to escalate to. If unspecified, the behavior of ZSU depends on how many escalation roles the user has:

  • If the user does not have any escalation roles, ZSU returns an error.

  • If the user only has one escalation role, ZSU automatically selects that role.

  • If the user has more than one escalation role, ZSU prompts the user to choose a role.

Examples

In the following example, the user Alice escalates to the role %Manager and then exits role escalation with quit:

USER>zsu "%Manager"
 
Escalated Login for User: Alice (Role: %Manager)
Password: **********
 
USER (%Manager)# quit

Later, Alice escalates to the role %Operator, which does not have permission to access the USER namespace. After escalation, Alice switches to the %SYS namespace:

USER>zsu "%Operator"
 
Escalated Login for User: Alice (Role: %Operator)
Password: **********

No access to current namespace: USER
 
Namespace: %SYS
You're in namespace %SYS
Default directory is c:\intersystems\iris\mgr\
%SYS (%Operator)#

See Also

ZTRAP (ObjectScript)Next section
Previous sectionZNSPACE (ObjectScript)
FeedbackOpens in a new tab