Skip to main content

This is documentation for Caché and Ensemble. See the InterSystems IRIS version of this content.Opens in a new tab

Please read this important announcement about the future of Caché and Ensemble maintenanceOpens in a new tab. Contact your account team to migrate to InterSystems IRIS.

Overview

Authorization is the process of determining which database assets a user can use, view, or change. Database assets include:

  • Databases — Physical files containing data or code.

  • Services — Tools for connecting to Caché, for example, client/server services, telnet.

  • Applications — Caché programs, for example, Caché Server Pages (CSP) applications.

  • Administrative actions — Sets of tasks, for example, starting and stopping Caché or creating backups.

Role-based Security

The Caché security system is role-based. This means that users receive their authorizations through their membership in roles. These roles grant their members sets of privileges which in turn grant permissions (USE, READ, or WRITE) on resources — the logical representation of database assets in the security system.

For example, an individual working in the Human Resources department needs to be able to view and update employee information stored in the EmployeeInfo database. To authorize these actions, the security administrator assigns the individual to the Human Resources role. This role grants its members certain privileges. Specifically, it grants them READ and WRITE permissions on the %DB_EmployeeInfo resource; the resource that represents the EmployeeInfo database in the security system.

The relationships among users, roles, permissions, resources, and assets can be summarized with the following:

Users are members of roles granting permissions on resources protecting assets.

Next sectionAssets and Resources
Previous sectionAuthorization
FeedbackOpens in a new tab