Skip to main content
Previous sectionNext section

Example Three: %DB_USER Resource

In this example you experiment with different privileges on the USER database and a user's ability to use the data and code stored in the database.

  1. If it has not already been imported, import the class SecurityTutorial.AuthorizationTests into Caché in the USER namespace.

  2. Open Terminal and while still logged in as the UnknownUser execute the CreateTestData method of SecurityTutorial.AuthorizationTests. This creates some data that we will use later in the example.

    
         USER>Do ##class(SecurityTutorial.AuthorizationTests).CreateTestData()
         USER>Write ^TestData
         MyInitialData
         
    Copy code to clipboard
  3. Create a new role named UserDatabase. Give the role the following privileges:

    1. %DB_USER:READ.

    2. %Development:USE.

  4. Create a new user and add the user to the UserDatabase role.

  5. Open Terminal and use $SYSTEM.Security.Login to login as the user created in the previous step.

  6. Execute the ReadTestData method of SecurityTutorial.AuthorizationTests. This method reads some data from the USER database and displays it. Since the user has %DB_USER:READ, the method successfully returns data.

    generated description: userreadprivs 20111

  7. Now attempt to execute the UpdateTestData method of SecurityTutorial.AuthorizationTests. This method writes some data to the USER database. Since the user does not have %DB_USER:WRITE, the method fails and generates a <PROTECT> error.

    generated description: writefailuser 20111

  8. Next, edit the UserDatabase role so that it has %DB_USER:READ,WRITE.

  9. Finally, while still logged in as the user created above, execute the UpdateTestData method. The user now has write privileges on the USER database so the method succeeds.