
This documentation is for an older version of this product. See the latest version of this content.

Example One: %Developer and %Operator Roles

This example demonstrates an authorization difference between the %Developer and %Operator roles.

Both roles are pre-defined in InterSystems IRIS. They provide their members with different sets of privileges:

  • %Developer — Members of this role can access a number of development-related tools, including the Terminal, Studio, Telnet, and the Debugger. In particular, %Developer has the %Development:USE privilege. Holders of this privilege can access the Terminal.

  • %Operator — Members of this role can perform a number of operator-related tasks, including mounting and unmounting databases, starting and stopping InterSystems IRIS, and performing integrity checks. This role does not grant its members the %Development:USE privilege.

Complete the following steps:

  1. Create two new InterSystems IRIS users: OpUser (password “OpUser”) and DevUser (password “DevUser”). Assign OpUser to the %Operator role and assign DevUser to the %Developer role.

  2. Next, open the Terminal and use $SYSTEM.Security.Login to log in as DevUser. Note that the method requires the user name and password as arguments. Then write the values of $Username and $Roles to confirm the login.

    
    USER>Write $System.Security.Login("DevUser","DevUser")
    1
    USER>Write $Username
    DevUser
    USER>Write $Roles
    %Developer
    USER>
    
    
  3. Open a new Terminal and use $SYSTEM.Security.Login to attempt to log in as OpUser. Since this user does not have %Development:USE, the user cannot access the Terminal. The login fails and the Terminal closes. Before closing, the Terminal displays an error like the following:

    
    USER>Do $System.Security.Login("OpUser","OpUser")
     
     
    Access Denied
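
The steps above can also be scripted, with the privilege difference checked directly instead of through a failed login. The class below is an added example, not InterSystems code: the class name Demo.RoleCheck is hypothetical, and it assumes the caller is allowed to administer security (as Security.Users.Create and $SYSTEM.Security.CheckUserPermission require) on the same Minimal-security test instance this example uses.

```objectscript
/// Added example (hypothetical class name), not part of InterSystems IRIS.
Class Demo.RoleCheck Extends %RegisteredObject
{

/// Create the two users from step 1 if they are missing, then report
/// whether each one holds the %Development:USE privilege.
ClassMethod Run() As %Status
{
    // The Security.* classes live in %SYS. NEW restores the original
    // namespace automatically when the method exits.
    New $NAMESPACE
    Set $NAMESPACE = "%SYS"

    Set sc = $$$OK
    // Each pair is (user name, role). As in step 1, the password is the
    // same string as the user name; that only suits a throwaway instance.
    For pair = $ListBuild("DevUser","%Developer"), $ListBuild("OpUser","%Operator") {
        Set name = $List(pair,1), role = $List(pair,2)

        If '##class(Security.Users).Exists(name) {
            // Arguments: user name, comma-separated role list, password
            Set sc = ##class(Security.Users).Create(name, role, name)
            If $$$ISERR(sc) { Quit }
        }

        // Ask the security database whether this user holds the privilege
        // that gates Terminal access.
        Set held = $SYSTEM.Security.CheckUserPermission(name, "%Development", "USE")
        Write name, " (", role, ") %Development:USE = ", held, !
    }
    Quit sc
}

}
```

After compiling the class, run it from the Terminal with Do ##class(Demo.RoleCheck).Run() and compare the reported value for each user with the login results in steps 2 and 3.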
     
    
Note:

This example and the following assume that you have installed InterSystems IRIS using Minimal security and that the %Service_Console service allows unauthenticated access.

The example described above assumes a Windows environment. Unix® users can follow the same example using the Terminal; however, the relevant service is called %Service_Terminal.

For a comparison of the privileges granted by all of the predefined roles, see Predefined Roles.
