Example Two: %Development Resource
In this example, you create a role that has the %Development:USE privilege. This role grants its members privileges to use Terminal. The role does not, however, grant its members privileges to execute code in the USER database.
- If you have not already done so, import the class SecurityTutorial.AuthorizationTests into the USER namespace in Caché. The class is in Authorization.xml.
- Create a role named DevOnly.
- Assign the new role the %Development:USE privilege.
- Create a user and add the user to the DevOnly role.
- Open Terminal and use $SYSTEM.Security.Login to log in as the user created in the previous step. The DevOnly role provides the user with privileges to use Terminal.
- Attempt to execute the HelloUser method of SecurityTutorial.AuthorizationTests. A user who is a member of the DevOnly role does not have sufficient privileges to execute any code stored in the USER database. Any attempt generates a <PROTECT> error.
The problem is that the code is stored in the USER database. In order to execute the code, a user needs permissions to read the USER database. The DevOnly role does not grant these permissions. Enhancing DevOnly by adding the %DB_USER:READ privilege would allow a member of the DevOnly role to execute the code.
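The steps above can also be carried out from the Terminal prompt. The following is an added example, not part of the original tutorial. It assumes the session starts as a user allowed to manage security, that HelloUser is a class method, and it uses a constructed user name and password.

```objectscript
 ; The Security.* classes are available in the %SYS namespace
 ZNspace "%SYS"

 ; Role holding only %Development:USE ("U" stands for USE).
 ; Passing "%Development:U,%DB_USER:R" instead would create the
 ; enhanced role described in the text.
 Set sc = ##class(Security.Roles).Create("DevOnly", "Terminal use only", "%Development:U")
 If $SYSTEM.Status.IsError(sc) Do $SYSTEM.Status.DisplayError(sc)

 ; Constructed user name and password; DevOnly is the user's only role
 Set sc = ##class(Security.Users).Create("devonlyuser", "DevOnly", "Constructed-Pw-1")
 If $SYSTEM.Status.IsError(sc) Do $SYSTEM.Status.DisplayError(sc)

 ; Return to the namespace that holds the tutorial class
 ZNspace "USER"

 ; From here on the process runs with devonlyuser's privileges
 If '$SYSTEM.Security.Login("devonlyuser", "Constructed-Pw-1") Write "Login failed",!

 ; Show what the role grants: 1 means the privilege is held, 0 means it is not
 Write "%Development:USE -> ", $SYSTEM.Security.Check("%Development", "USE"), !
 Write "%DB_USER:READ    -> ", $SYSTEM.Security.Check("%DB_USER", "READ"), !

 ; Call the method and report the error name instead of dropping to an error prompt
 Try { Do ##class(SecurityTutorial.AuthorizationTests).HelloUser() } Catch ex { Write "Call refused: ", ex.Name, ! }
```

Checking both resources before the call makes the cause of the `<PROTECT>` error visible: the Terminal privilege is present, the database read privilege is not.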
Authorization.xml is in install-dir\Dev\tutorials\security\. In a standard Caché installation, install-dir is in C:\InterSystems\Cache. Import the application files into the USER namespace using Studio. Importing Code Using Terminal contains instructions. This example assumes that you have installed Caché using minimal security.