Example Three: %DB_USER Resource

In this example you experiment with different privileges on the USER database and a user's ability to use the data and code stored in the database.

  1. Open the Terminal and, while still logged in as the UnknownUser, execute the CreateTestData method of SecurityTutorial.AuthorizationExample. This creates some data that we will use later in the example.

    
    USER>Do ##class(SecurityTutorial.AuthorizationExample).CreateTestData()
    USER>Write ^TestData
    MyInitialData
         
  2. Create a new role named UserDatabase. Give the role the following privileges:

    1. %DB_USER:READ.

    2. %Development:USE.

  3. Create a new user and add the user to the UserDatabase role.

  4. Open the Terminal and use $SYSTEM.Security.Login to log in as the user created in the previous step.

  5. Execute the ReadTestData method of SecurityTutorial.AuthorizationTests. This method reads some data from the USER database and displays it. Since the user has %DB_USER:READ, the method successfully returns data.

    
    USER>Do $System.Security.Login("MyUser","MyUser")
     
    USER>Write $Username,!,$Roles
    MyUser
    UserDatabase
    USER>Write ##class(SecurityTutorial.AuthorizationExample).ReadTestData()
    MyInitialData
    
  6. Now attempt to execute the UpdateTestData method of SecurityTutorial.AuthorizationExample. This method writes some data to the USER database. Since the user does not have %DB_USER:WRITE, the method fails and generates a <PROTECT> error.

    
    USER>Write $System.Security.Check("%DB_USER")
    READ
    USER>Do ##class(SecurityTutorial.AuthorizationExample).UpdateTestData()
     
      Set ^TestData = "MyUpdatedData" }
      ^
    <PROTECT>zUpdateTestData+1^SecurityTutorial.AuthorizationExample.1 ^TestData,c:\intersystems\iris\mgr\user\
    USER 2d1>
    
  7. Next, edit the UserDatabase role so that it has %DB_USER:READ,WRITE.

  8. While logged in as the user created above, execute the UpdateTestData method. The user now has write privileges on the USER database, so the method succeeds.
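
The unhandled <PROTECT> error in step 6 drops the session to a debug prompt; application code can report the missing privilege instead. The class below is an added example, not part of the SecurityTutorial classes or the original page, and the names Demo.GuardedWrite and its UpdateTestData method are hypothetical. It assumes ^TestData lives in the USER database protected by the %DB_USER resource, as in this tutorial.

```objectscript
/// Added example; Demo.GuardedWrite is a hypothetical class name.
Class Demo.GuardedWrite Extends %RegisteredObject
{

/// Performs the same write to ^TestData as the tutorial's UpdateTestData,
/// but returns an error %Status when the process lacks %DB_USER:WRITE
/// instead of halting with an unhandled <PROTECT>.
ClassMethod UpdateTestData(value As %String = "MyUpdatedData") As %Status
{
    // The two-argument form of Check returns 1 if the current process
    // holds the named permission on the resource, 0 otherwise.
    If '$SYSTEM.Security.Check("%DB_USER", "WRITE") {
        Return $$$ERROR($$$GeneralError, "User "_$Username_" lacks %DB_USER:WRITE; roles held: "_$Roles)
    }

    Set sc = $$$OK
    Try {
        Set ^TestData = value
    }
    Catch ex {
        // The pre-check only covers the assumed resource. The write can
        // still be refused, for example if the global is mapped to a
        // database protected by a different resource, so trap <PROTECT>.
        If ex.Name = "<PROTECT>" {
            Set sc = $$$ERROR($$$GeneralError, "Write to ^TestData denied at "_ex.Location)
        }
        Else {
            Set sc = ex.AsStatus()
        }
    }
    Return sc
}

}
```

Run as the user from step 4, `Do $SYSTEM.Status.DisplayError(##class(Demo.GuardedWrite).UpdateTestData())` prints the denial message before step 7 and nothing after the role has %DB_USER:READ,WRITE.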
