abstract class %SYSTEM.Security
|
Parameters
|
Properties
|
Methods
|
Queries
|
Indices
|
ForeignKeys
|
Triggers
|
|
|
|
7
|
|
|
|
|
• classmethod AddRoles(ApplicationName As %String, Hash As %String = "")
as %Status
Add the extra roles associated with the named application
• abstract classmethod Audit(Source As %String, Type As %String, Name As %String, EventData As %String, Description As %String)
as %Status
Audit a user-level event. If auditing is enabled for user level events, generate an audit record
with the user-specified information.
• classmethod ChangePassword(Username As %String, NewPassword As %String, OldPassword As %String, ByRef Status As %Status)
as %Boolean
Change password for a user.
Parameters:
Username - Name of the User to change
NewPassword - New password to set
OldPassword - Old Password to validate against
Return Value:
0 - Failure
1 - Password changed
On failure, an error code is returned in Status.
If the old password is not passed as a parameter, then the password will be changed
to the NewPassword parameter, providing the following:
The calling process has Write permission on the resource that protects the
CACHESYS database or the calling routine is stored in the CACHESYS database.
If you are trying to change the password of a user who was created either through Delegated
authentication or through LDAP authentication, you will need to update the
ChangePassword^ZAUTHENTICATE routine on your system. See the ZAUTHENTICATE routine in the
SAMPLES namespace for documentation.
• abstract classmethod Check(ResourceName As %String, Permissions As %String = "")
as %CacheString
Determine if a specified privilege is held on a specified resource.
If called as $System.Security.Check(resource)
it returns the privileges held on that resource as a comma-separated
list. For example,
$System.Security.Check("%DB_CACHETEMP") => "READ,WRITE"
If called as $System.Security.Check(resource,privilege) it returns TRUE or
FALSE depending on whether the specified privilege is held. For example,
$System.Security.Check("%Development","USE") => 1
• classmethod GetGlobalPermission(NameSpace As %String = "", Global As %String, Subscript As %String)
as %String
Return the permissions the process has for a global.
Parameters:
NameSpace - Namespace where the global exists.
Global - name of the global
Subscripts - Fully specified subscript including "()"
;Return Values:
Comma delimited list of permissions process has on the global,
or "" for no access/invalid parameters.
e.g. READ,WRITE
Remarks:
This method will follow the mapping of where the global actually
is mapped to to find out the access to it.
Examples:
Check the access on the source code for the %SS routine, which is stored
in the global ^ROUTINE("%SS")
S x=$SYSTEM.Security.GetGlobalPermission("USER","ROUTINE","(""%SS"")")
• classmethod Login(Username As %String, Password As %String)
as %Boolean
Log in a user given a valid username and password.
Parameters:
Username - Name of the user to log in as
Password - Password of user to log in (optional)
Return Value:
0 - Failure
1 - Success, user logged in
If the password is not passed as a parameter (1 argument form),
then the user will be logged in providing the following:
The calling process has Write permission on the resource that protects the
CACHESYS database or the calling routine is stored in the CACHESYS database
When the password is passed in as the second parameter (2 argument form), the
method requires that the user has the %Service_Login:USE privilege.
• classmethod ValidatePassword(Password As %String)
as %Status
Validate a password against system password policy.
