Example One: %Developer and %Operator Roles
This example demonstrates an authorization difference between the %Developer and %Operator roles.
Both roles are pre-defined in Caché. They provide their members with different sets of privileges:
- %Developer — Members of this role can access a number of development related tools including Terminal, Studio, Telnet, and the Debugger. In particular, %Developer has the %Development:USE privilege. Holders of this privilege can access the Terminal.
- %Operator — Members of this role can perform a number of operator related tasks including mounting and unmounting databases, starting and stopping Caché, and performing integrity checks. This role does not grant its members the %Development:USE privilege.
Complete the following steps:
- Create two new Caché users: OpUser (password “OpUser”) and DevUser (password “DevUser”). Assign OpUser to the %Operator role and assign DevUser to the %Developer role.
- Next, open Terminal and use $SYSTEM.Security.Login to log in as DevUser. Note that the method requires the user name and password as arguments. Then write the values of $Username and $Roles to confirm the login.
- Open a new terminal and use $SYSTEM.Security.Login to attempt to log in as OpUser. Since this user does not have %Development:USE, the user cannot access Terminal. The login fails and Terminal closes. Before closing, the terminal displays an error like the following:
Access Denied
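The steps above as commands typed at the Terminal prompt, added here as an example and not taken from the Caché documentation. It assumes the users are created from Terminal with the Security.Users class in the %SYS namespace rather than through the Management Portal, and it adds a $SYSTEM.Security.Check call to show the privilege that decides the outcome; the // lines are annotations.

```objectscript
// Step 1: create the two users.
// Assumption: done from Terminal in %SYS with Security.Users.Create
// (arguments: user name, role list, password) instead of the Management Portal.
ZNspace "%SYS"
Set sc=##class(Security.Users).Create("DevUser","%Developer","DevUser")
If $SYSTEM.Status.IsError(sc) Do $SYSTEM.Status.DisplayError(sc)
Set sc=##class(Security.Users).Create("OpUser","%Operator","OpUser")
If $SYSTEM.Status.IsError(sc) Do $SYSTEM.Status.DisplayError(sc)

// Step 2: in this Terminal, log in as DevUser and confirm the identity
// and roles the process now runs with.
Write $SYSTEM.Security.Login("DevUser","DevUser")
Write $Username,!,$Roles

// Added check: ask whether the current process holds %Development:USE,
// the privilege that %Developer grants and %Operator does not.
Write $SYSTEM.Security.Check("%Development","USE")

// Step 3: in a NEW Terminal window, attempt the same login as OpUser.
// OpUser's only role is %Operator, so the process has no %Development:USE
// and Terminal closes with the Access Denied error described above.
Write $SYSTEM.Security.Login("OpUser","OpUser")
```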
This example and the following assume that you have installed Caché using Minimal security and that the %Service_Console service allows unauthenticated access.
The example described above assumes a Windows environment. Unix users can do the same example using Terminal; however, the relevant service is called %Service_Terminal.
For a comparison of the privileges granted by all of the pre-defined roles, see the Predefined Roles discussion in the Roles section of the Caché Security Administration Guide.