Skip to main content

This is documentation for Caché and Ensemble. See the InterSystems IRIS version of this content.Opens in a new tab

Please read this important announcement about the future of Caché and Ensemble maintenanceOpens in a new tab. Contact your account team to migrate to InterSystems IRIS.

CACHESYS, the Manager’s Database

CACHESYS, the Manager’s Database

Caché ships with a database that provides a repository for administrative routines and globals. This is the CACHESYS database, and is sometimes known as the manager’s database.

Within this database, there are groups of globals and routines whose names begin with the percent sign (these are often known as “percent globals” or “percent routines”). These globals and routines have a special role in the management of a Caché site and have special rules that apply to them:

  • All users have Read permission for percent routines and percent globals.

    Note that via mappings, it is possible to change where these items are stored, but that has no effect on their visibility. Percent globals and percent globals are always visible in all namespaces.

  • All percent routines have Write permission for all globals located in the same database (percent as well as non-percent). For instance, percent routines in the CACHESYS database have Write access to globals stored in that database, but not to globals in any other database. Simultaneously, percent routines in any other database have implicit Write access to globals stored in that same database but not to percent globals in CACHESYS. This implicit Write permission is only available during normal routine execution. It is disabled if the routine has been modified and it is not available in XECUTE commands or through argument indirection.

  • You can control Write access to percent globals from non-percent routines with the Enable writing to percent globals field on the System-wide Security Parameters page (System Administration > Security > System Security > System-wide Security Parameters); this page is described in the System-wide Security Parameters section of the “System Management and Security” chapter.

Caution:

Do not move, replace, or delete the CACHESYS database.

Special Capabilities

There are special capabilities available to code located in the CACHESYS database. These capabilities are sometimes called “restricted system capabilities.” They are:

  • Invoking protected VIEW commands and $VIEW functions.

  • Using protected class methods.

  • Modifying the roles of a process with a SET $ROLES = ... call.

  • Invoking the single-argument form of the $SYSTEM.Security.Login function (which is the Login method of the %SYSTEM.SecurityOpens in a new tab class).

  • Invoking the two-argument form of the $SYSTEM.Security.ChangePassword function (which is the ChangePassword method of the %SYSTEM.SecurityOpens in a new tab class). (Note that the new password must conform to the general password constraints described in “Properties of Users” section of the “Users” chapter and the instance-specific password constraints described in the “Password Strength and Password Policies” section of the “System Management and Security” chapter.

Note:

You need no database privileges to read or write database blocks with the VIEW command.

The only code that can perform these actions is:

  • Routines stored in the CACHESYS database, but only during “normal” routine execution. They are disabled if a ZINSERT into the current routine has modified the routine, and they are also not available in XECUTE commands or through argument indirection.

  • Processes with the Write permission on the %DB_CACHESYS resource.

Next sectionThe SAMPLES Database
FeedbackOpens in a new tab