
Example Four: $SYSTEM.Security.Check

In this example you experiment with the $SYSTEM.Security.Check method. It can be used within code to check privileges and prevent unauthorized execution of code blocks.

The SecurityTutorial.AuthorizationTests class contains a method named ProtectedMethod. This method uses $SYSTEM.Security.Check to protect a code block. If the user attempting to execute the method has the ProtectedMethod:USE privilege, the method successfully returns the value of $Username. If the user does not have this privilege, the method returns an error.


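    ClassMethod ProtectedMethod() As %String
    {
     // Returns 1 only if the current process holds USE on the ProtectedMethod resource
     If ($SYSTEM.Security.Check("ProtectedMethod","U"))
     {
      // Protected block: reached only with ProtectedMethod:USE
      Quit $Username
     }
     Else
     {
      Quit "Error: Insufficient Privileges"
     }
    }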

Here are the steps for using the example:

  1. Import SecurityTutorial.AuthorizationTests into Caché in the USER namespace if you have not done so already.

  2. Create a new role named ProtectedMethodExample. Give the role %Development:USE and %DB_USER:RW.

  3. Create a new user and add the user to the ProtectedMethodExample role.

  4. Open Terminal and use $SYSTEM.Security.Login to log in as the user created in the previous step. Attempt to execute the SecurityTutorial.AuthorizationTests ProtectedMethod method. Since your user does not yet have ProtectedMethod:USE, the method returns "Error: Insufficient Privileges".

    
    USER>Write $System.Security.Login("ProtMethodUser","PMU")
    1    
    USER>Write ##class(SecurityTutorial.AuthorizationTests).ProtectedMethod()
    Error: Insufficient Privileges
        
    
  5. Create a new resource named ProtectedMethod. Assign the resource no Public Permissions. Give the ProtectedMethodExample role ProtectedMethod:USE.

  6. While logged in as the user created above, who is a member of the ProtectedMethodExample role, execute the ProtectedMethod method of SecurityTutorial.AuthorizationTests. Now that the user has ProtectedMethod:USE, the method executes its true branch and returns the value of $Username.

    
    USER>Write ##class(SecurityTutorial.AuthorizationTests).ProtectedMethod()
    ProtMethodUser
         
Note:

To learn more about $SYSTEM.Security.Check, read Checking Privileges in the Privileges and Permissions section of the Caché Security Administration Guide.
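
The following is an added example, not code from the tutorial or from InterSystems: it factors the check used in ProtectedMethod into a reusable deny-by-default guard that returns a %Status, and uses the one-argument form of $SYSTEM.Security.Check to report which permissions the current process holds on the resource. The class name SecurityTutorial.CheckExample, its RESOURCE parameter and its method names are hypothetical; the resource is the ProtectedMethod resource created in step 5.

```objectscript
/// Added example; class, parameter and method names are hypothetical.
Class SecurityTutorial.CheckExample Extends %RegisteredObject
{

/// Resource that guards this class (the resource created in step 5).
Parameter RESOURCE = "ProtectedMethod";

/// Deny-by-default guard: returns $$$OK only when the current process
/// holds USE on the resource, otherwise an error %Status.
ClassMethod RequireUse() As %Status
{
    If $SYSTEM.Security.Check(..#RESOURCE, "U") {
        Quit $$$OK
    }
    Quit $$$ERROR($$$GeneralError, "Insufficient privileges: "_..#RESOURCE_":USE required for "_$Username)
}

/// Protected operation: the guard runs first, and the output argument
/// stays empty unless the guard succeeds.
ClassMethod WhoAmI(Output name As %String) As %Status
{
    Set name = ""
    Set sc = ..RequireUse()
    If $$$ISERR(sc) {
        Quit sc
    }
    Set name = $Username
    Quit $$$OK
}

/// Diagnostic: the one-argument form returns the permissions the process
/// holds on the resource as a comma-delimited list (empty if it holds none).
ClassMethod HeldPermissions() As %String
{
    Quit $SYSTEM.Security.Check(..#RESOURCE)
}

}
```

Run as the step 4 user, WhoAmI returns an error status before the role is granted ProtectedMethod:USE and sets name to the value of $Username afterwards, matching the two Terminal sessions above.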