Class Reference
IRIS for UNIX 2019.2
InterSystems: The power behind what matters   
Documentation  Search
  [%SYS] >  [Security] >  [Resources]
Private  Storage   

persistent class Security.Resources extends %Persistent, %XML.Adaptor, %SYSTEM.Help

Define the security Resource database, and methods which manipulate them.
The system includes a set of pre-defined System resources. Some properties of the system resources may not be modified.

Resource names have the following properties:
1) Resource names are case insensitive.
2) Maximum length of a resource name is 64 characters.
3) First Character after the "_" cannot be a % for user-defined resources
4) Resource names cannot contain a "," or ":"

The %Admin_Secure:USE permission is required to operate on a resource

The table for this class should be manipulated only through object access, the published API's or through the System Management Portal. It should not be updated through direct SQL access.

Inventory

Parameters Properties Methods Queries Indices ForeignKeys Triggers
2 5 20 1 1


Summary

Properties
Description Name PublicPermission Type

Methods
%AddToSaveSet %AddToSyncSet %BMEBuilt %CheckConstraints
%CheckConstraintsForExtent %ClassIsLatestVersion %ClassName %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %Exists
%ExistsId %Extends %GUID %GUIDSet
%GetLock %GetParameter %GetSwizzleObject %Id
%InsertBatch %IsA %IsModified %IsNull
%KillExtent %KillExtentData %LoadFromMemory %LockExtent
%LockId %New %NormalizeObject %ObjectIsNull
%ObjectModified %Oid %OnBeforeAddToSync %OnDetermineClass
%Open %OpenId %OriginalNamespace %PackageName
%PhysicalAddress %PurgeIndices %Reload %RemoveFromSaveSet
%ResolveConcurrencyConflict %RollBack %Save %SaveDirect
%SaveIndices %SerializeObject %SetModified %SortBegin
%SortEnd %SyncObjectIn %SyncTransport %UnlockExtent
%UnlockId %ValidateIndices %ValidateObject Create
Delete Exists Export Get
Help Import InUse Modify
XMLDTD XMLExport XMLExportToStream XMLExportToString
XMLNew XMLSchema XMLSchemaNamespace XMLSchemaType


Parameters

• parameter DOMAIN = "%Utility";

Properties

• property Description as %String(MAXLEN=256);
Description of the resource.
Description cannot be modified if a system defined resource.
• property Name as %String(COLLATION="Exact",MAXLEN=64,MINLEN=1) [ Required ];
Name of the resource.
• property PublicPermission as Security.Datatype.Permission [ InitialExpression = 0 ];
Public permissions on the resource.
Bit 0 - Read
Bit 1 - Write
Bit 2 - Use
• property Type as Security.Datatype.ResourceType(MINVAL=0) [ InitialExpression = 0 ];
Type - Bitmap describing the type of resource.
Bit 0 = System initialized resource
Bit 1 = Database resource
Bit 2 = Service resource
Bit 3 - Application resource
Bit 4 - DeepSee resource
Bits 5-30 reserved
Bit 31 = User defined Resource
Bits 31-64 user defined
Note that this property is set automatically by the filer and should not be set for user defined resources.
Do not modify this field directly except on initialization of system defaults.

Methods

• classmethod Create(Name As %String, Description As %String, PublicPermission As Security.Datatype.Permission, Type As %Integer) as %Status
Create a Resource.
Creates a Resource in the Security database.
Parameters:
Name - Name of the resource to create
Description- Description of the resource
PublicPermission - Public permission on the resource
May be one or more of "R","W","U"
Type - Internal use only, User defined resources should not pass this parameter
• classmethod Delete(Name As %String) as %Status
Delete a resource.
This method will delete a resource from the security database. After the resource is deleted, it will update all the roles which hold this resource to remove the resource from the role. It will then update the in-memory security tables to mark this resource as "No access" for all roles, and "no access" for its public permissions.
Access to these resources will then be restricted only to users who own the %All role.
Parameters:
Name - Name of the resource to delete
• classmethod Exists(Name As %String, ByRef Resource As %ObjectHandle, ByRef Status As %Status) as %Boolean
Resource exists.
This method checks for the existence of a resource in the security database.
Parameters:
Name - Name of the resource to check existence of
Return values:
If Value of the method = 0 (Resource does not exist, or some error occured)
Resource = Null
Status = Resource "x" does not exist, or other error message

If Value of the method = 1 (Resource exists)
Resource = Object handle to resource
Status = $$$OK
• classmethod Export(FileName As %String = "ResourcesExport.xml", ByRef NumExported As %Integer, Resources As %String = "*", PublicPermissions As %Integer = -1, Type As %Integer = -1) as %Status
This method exports Resource records to a file in xml format.
Parameters:
Filename - Output file name
NumExported (byref) - Returns number of records exported.
Resources - Comma separated list of Resources to export, "*" = All
PublicPermissions - Only export those with this type of public permissions
-1 = All
Bit 0 - Read public permission
Bit 1 - Write public permission
Bit 2 - Use public permission
Bit 9 - No public permission
Type - Internal use only, pass -1
• classmethod Get(Name As %String, ByRef Properties As %String) as %Status
Get a resource's properties.
Gets a resource's properties from the security database.
Parameters:
Name - Name of the resource to get
Return values:
Properties - Array of resource properties
Properties("Description")- Description of the resource
Properties("PublicPermission") - Public permission on the resource
May be one or more of "R","W","U"
Properties("Type") - Internal use only
• classmethod Import(FileName As %String = "ResourcesExport.xml", ByRef NumImported As %Integer, Flags As %Integer = 0) as %Status
Import Resource records from an xml file.
Parameters:
FileName - Filename to import Resource records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
• classmethod InUse(Name As %String, ByRef InUse As %Status, ByRef Roles As %List, ByRef Databases As %List, ByRef Applications As %List, Flags As %Integer = 0) as %Status
Checks if the resource is in use.
Checks if the resource specified is used by any role, application or database.
Parameters:
Name - Name of the resource to check.
Return values:
InUse = 0 Not used
InUse = 1 Used
Roles - $list of roles the resource is used by or null if none
Databases - $list of databases the resource is used by or null if none
Applications - $list of applications the resource is used by or null if none
Flags - Controls return values
Bit 0 - Return roles in format $lb(Role1_":"_Permission,Role2_":"_Permission)
• classmethod Modify(Name As %String, ByRef Properties As %String) as %Status
Modify a resource.
Modify an existing resource's properties in the security database.
Parameters:
Name - Name of the resource to modify
Properties - Array of properties to modify.
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the properties array, the value is not modified.

Queries

• query List(Names As %String, PublicPermissions As %Integer, Type As %Integer, Flags As %Integer = 0)
Selects Name As %String, Description As %String, PublicPermission As %String, Type As %String, ResourceType As %String
List Resource types
Names - Comma separated list of resource names
"*" - All records match
"String,String1" - Any records matching one of these elements
"String*" - Any record starting with "String"
"String,String1*,String2" - Any record matching one of these elements, or starting with "String1"
PublicPermissions - Only list those with this type of public permissions
-1 = All
Bit 0 - Read public permission
Bit 1 - Write public permission
Bit 2 - Use public permission
Bit 9 - No public permission
Type - Internal use only, pass -1
Flags - 0 - Use "Startswith" as the selection on the name.
Flags - 1 - Use "Contains" as the selection on the name.
Note: This query may change in future versions

Indices

•index (NameIndex on NameLowerCase) [IdKey];


Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.