Example Four: $SYSTEM.Security.Check
In this example you experiment with the $SYSTEM.Security.Check method. It can be used within code to check privileges and prevent unauthorized execution of code blocks.
The SecurityTutorial.AuthorizationTests class contains a method named ProtectedMethod. This method uses $SYSTEM.Security.Check to protect a code block. If the user attempting to execute the method has the ProtectedMethod:USE privilege, the method successfully returns the value of $Username. If the user does not have this privilege, the method returns an error.
ClassMethod ProtectedMethod() As %String
{
    If ($SYSTEM.Security.Check("ProtectedMethod","U"))
    {
        Quit $Username
    }
    Else
    {
        Quit "Error: Insufficient Privileges"
    }
}
Here are the steps for using the example:
- Import SecurityTutorial.AuthorizationTests into Caché in the USER namespace if you have not done so already.
- Create a new role named ProtectedMethodExample. Give the role %Development:USE and %DB_USER:RW.
- Create a new user and add the user to the ProtectedMethodExample role.
- Open Terminal and use $SYSTEM.Security.Login to log in as the user created in the previous step. Attempt to execute the SecurityTutorial.AuthorizationTests ProtectedMethod method. Since your user does not yet have ProtectedMethod:USE, the method returns "Error: Insufficient Privileges".
    USER>Write $System.Security.Login("ProtMethodUser","PMU")
    1
    USER>Write ##class(SecurityTutorial.AuthorizationTests).ProtectedMethod()
    Error: Insufficient Privileges
- Create a new resource named ProtectedMethod. Assign the resource no Public Permissions. Give the ProtectedMethodExample role ProtectedMethod:USE.
- While logged in as the user created above, who is a member of the ProtectedMethodExample role, execute the ProtectedMethod of SecurityTutorial.AuthorizationTests. Now that the user has ProtectedMethod:USE, the method executes its true branch and returns the value of $Username.
    USER>Write ##class(SecurityTutorial.AuthorizationTests).ProtectedMethod()
    ProtMethodUser
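A variant of the check above, as an added example that is not part of the SecurityTutorial classes: it returns a %Status instead of an error string, so a caller cannot mistake the error text for a user name, and it records each denial. The class name, method names and audit event names are hypothetical, and the audit call only writes a record if that user-defined event has been defined and enabled.

```objectscript
/// Added example. Class, method and audit event names are hypothetical.
Class SecurityTutorial.CheckExample Extends %RegisteredObject
{

/// Performs the same ProtectedMethod:USE check as the tutorial method,
/// but reports the outcome as a %Status and returns the user name
/// through an output argument.
ClassMethod GuardedMethod(Output pUsername As %String) As %String
{
    Set pUsername = ""
    If '$SYSTEM.Security.Check("ProtectedMethod","U") {
        // Record the denied attempt. Assumption: a user-defined audit
        // event SecurityTutorial/Authorization/CheckDenied exists and
        // is enabled; otherwise nothing is written to the audit log.
        Do $SYSTEM.Security.Audit("SecurityTutorial","Authorization","CheckDenied",$Username,"ProtectedMethod:USE denied")
        Quit $$$ERROR($$$GeneralError,"Insufficient privileges: ProtectedMethod:USE required")
    }
    // Privilege held: run the protected block.
    Set pUsername = $Username
    Quit $$$OK
}

/// One-argument form of Check: returns the list of permissions the
/// current process holds on the resource, useful when diagnosing why
/// GuardedMethod was denied.
ClassMethod HeldPermissions(pResource As %String) As %String
{
    Quit $SYSTEM.Security.Check(pResource)
}

}
```

A caller tests the returned status with $$$ISERR before using pUsername, rather than comparing the return value against an error string.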
To learn more about $SYSTEM.Security.Check, read Checking Privileges in the Privileges and Permissions section of the Caché Security Administration Guide.