Example Three: %DB_USER Resource
In this example you experiment with different privileges on the USER database and a user's ability to use the data and code stored in the database.
- If it has not already been imported, import the class SecurityTutorial.AuthorizationTests into Caché in the USER namespace.
- Open Terminal and, while still logged in as UnknownUser, execute the CreateTestData method of SecurityTutorial.AuthorizationTests. This creates some data that is used later in the example.

    USER>Do ##class(SecurityTutorial.AuthorizationTests).CreateTestData()
    USER>Write ^TestData
    MyInitialData

- Create a new role named UserDatabase. Give the role the following privileges:
  - %DB_USER:READ
  - %Development:USE
- Create a new user and add the user to the UserDatabase role.
- Open Terminal and use $SYSTEM.Security.Login to log in as the user created in the previous step.
- Execute the ReadTestData method of SecurityTutorial.AuthorizationTests. This method reads some data from the USER database and displays it. Since the user has %DB_USER:READ, the method successfully returns data.
- Now attempt to execute the UpdateTestData method of SecurityTutorial.AuthorizationTests. This method writes some data to the USER database. Since the user does not have %DB_USER:WRITE, the method fails and generates a <PROTECT> error.
- Next, edit the UserDatabase role so that it has %DB_USER:READ,WRITE.
- Finally, while still logged in as the user created above, execute the UpdateTestData method. The user now has write privileges on the USER database, so the method succeeds.
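
The class below is an added example, not part of the tutorial's SecurityTutorial.AuthorizationTests class. It reports the privileges the current process holds on %DB_USER and then confirms that UpdateTestData behaves accordingly, so it can be run once before and once after the role is edited. The class name SecurityTutorial.PrivilegeCheck is hypothetical; the example assumes an administrator has compiled it in the USER namespace and that UpdateTestData lets the <PROTECT> error propagate to its caller.

```objectscript
/// Added example (hypothetical class name): compares the privileges the
/// current process holds on %DB_USER with the observed result of a write.
Class SecurityTutorial.PrivilegeCheck Extends %RegisteredObject
{

ClassMethod Run()
{
    // Identify the security context the checks apply to.
    Write "User:  ", $Username, !
    Write "Roles: ", $Roles, !

    // $SYSTEM.Security.Check returns 1 if the process holds the permission.
    Set canRead = $SYSTEM.Security.Check("%DB_USER", "READ")
    Set canWrite = $SYSTEM.Security.Check("%DB_USER", "WRITE")
    Write "%DB_USER:READ  ", $Select(canRead:"granted", 1:"not granted"), !
    Write "%DB_USER:WRITE ", $Select(canWrite:"granted", 1:"not granted"), !

    // Attempt the write from the tutorial and record what actually happened.
    // Assumption: UpdateTestData does not trap <PROTECT> itself.
    Set wrote = 0
    Try {
        Do ##class(SecurityTutorial.AuthorizationTests).UpdateTestData()
        Set wrote = 1
        Write "UpdateTestData succeeded", !
    } Catch ex {
        If ex.Name = "<PROTECT>" {
            Write "UpdateTestData denied with <PROTECT>", !
        } Else {
            // Anything other than a protection error is unexpected here.
            Throw ex
        }
    }

    // The observed result should match the privilege check above.
    If wrote = canWrite {
        Write "Result matches the role's privileges", !
    } Else {
        Write "MISMATCH: review the roles assigned to ", $Username, !
    }
}

}
```

Run it from Terminal with Do ##class(SecurityTutorial.PrivilegeCheck).Run() while logged in as the test user. With only %DB_USER:READ it should report the denied write; after the role is given %DB_USER:READ,WRITE it should report success.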