Example Four: $SYSTEM.Security.Check
In this example you experiment with the $SYSTEM.Security.Check method. It can be used within code to check privileges and prevent unauthorized execution of code blocks.
The SecurityTutorial.AuthorizationExample class contains a method named ProtectedMethod. This method uses $SYSTEM.Security.Check to protect a code block. If the user attempting to execute the method has the ProtectedMethod:USE privilege, the method successfully returns the value of $Username. If the user does not have this privelege, the method returns an error.
ClassMethod ProtectedMethod() As %String
Return "Error: Insufficient Privileges"
Here are the steps for using the example:
Create a new role named ProtectedMethodExample. Give the role %Development:USE and %DB_USER:RW.
Create a new user and add the user to the ProtectedMethodExample role.
Open the Terminal and use $SYSTEM.Security.Login to log in as the user created in the previous step. Attempt to execute the SecurityTutorial.AuthorizationExample ProtectedMethod method. Since the user does not yet have ProtectedMethod:USE, the method returns "Error: Insufficient Privileges".
Error: Insufficient Privileges
Create a new resource named ProtectedMethod. Assign the resource no Public Permissions. Give the ProtectedMethodExample role ProtectedMethod:USE.
While logged in as the user created above, member of the ProtectedMethodExample role, execute the ProtectedMethod of SecurityTutorial.AuthorizationExample. Now that the user has ProtectedMethod:USE, the method executes its true branch and returns the value of $Username.