Class Reference
IRIS for UNIX 2019.2
InterSystems: The power behind what matters   
Documentation  Search
  [%SYS] >  [Security] >  [X509Users]
Private  Storage   

persistent class Security.X509Users extends %Persistent, %XML.Adaptor, %SYSTEM.Help

This class maps a key to a User. The keys should be obtained from X509 certificates. Use X509Users.GetLookupKey() go get a standard key from a certificate.


Parameters Properties Methods Queries Indices ForeignKeys Triggers
4 14 1 1


%Concurrency Comment Enabled LookupKey Username

%%OIDGet %1Check %AddJrnObjToSyncSet %AddToSaveSet
%AddToSyncSet %BMEBuilt %BindExport %BuildIndices
%BuildIndicesSegment %BuildObjectGraph %CheckConstraints %CheckConstraintsForExtent
%ClassIsLatestVersion %ClassName %Close %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %DowngradeConcurrency
%ExecuteAfterTriggers %ExecuteBeforeTriggers %Exists %ExistsId
%Extends %FileIndices %FileIndicesBuffered %GUID
%GUIDSet %GetLock %GetParameter %GetSwizzleObject
%Id %IncrementCount %InsertBatch %IsA
%IsModified %IsNull %JournalObject %KillExtent
%KillExtentData %LoadFromMemory %LockExtent %LockId
%New %NormalizeObject %ObjectIsNull %ObjectModified
%Oid %OnBeforeAddToSync %OnDetermineClass %Open
%OpenId %OriginalNamespace %PackageName %PhysicalAddress
%PurgeIndices %Reload %RemoveFromSaveSet %ResolveConcurrencyConflict
%RollBack %SQLAcquireLock %SQLAcquireTableLock %SQLAfterTriggers
%SQLBeforeTriggers %SQLBuildIndices %SQLBuildPurgeIndexForRow %SQLBuildPurgeIndices
%SQLCheckUnique %SQLCheckUniqueIndices %SQLCheckUniqueKeys %SQLCopyIcolIntoName
%SQLCopyNameIntoIcol %SQLCreateInsDelTables %SQLDefineiDjVars %SQLDelete
%SQLDeleteChildren %SQLDeleteTempStreams %SQLEExit %SQLExists
%SQLFKeyDelLock %SQLFastInsert %SQLFieldValidate %SQLGetLock
%SQLGetOld %SQLGetOldAll %SQLGetOldIndex %SQLInsert
%SQLInsertComputes %SQLInsertStreams %SQLInvalid %SQLInvalid2
%SQLMVDelete %SQLMVIndexDelete %SQLMVIndexInsert %SQLMVIndexUpdate
%SQLMVInsert %SQLMVUpdate %SQLMissing %SQLNormalizeCompFields
%SQLNormalizeFields %SQLPurgeIndices %SQLQuickBulkInsert %SQLQuickBulkLoad
%SQLQuickBulkSave %SQLQuickBulkUpdate %SQLQuickDelete %SQLQuickDeleteChildren
%SQLQuickFindPKeyByRowID %SQLQuickFindRowIDByPKey %SQLQuickInsert %SQLQuickLoad
%SQLQuickLoadChildren %SQLQuickLogicalToOdbc %SQLQuickOdbcToLogical %SQLQuickUpdate
%SQLReleaseLock %SQLReleaseTableLock %SQLStorageValidation %SQLTrigDelTab
%SQLTrigInsTab %SQLUnlock %SQLUnlock2 %SQLUnlockError
%SQLUnlockRef %SQLUpdate %SQLUpdateComputes %SQLUpdateStreams
%SQLValidateCompFields %SQLValidateFields %SQLicompView %SQLnBuild
%Save %SaveDirect %SaveIndices %SerializeObject
%SetModified %SortBegin %SortEnd %SyncObjectIn
%SyncTransport %UnlockExtent %UnlockId %UpgradeConcurrency
%ValidateIndices %ValidateObject %XMLGenerate Copy
Create Delete Exists Export
Get GetProperties GetX509LookupKey Help
Import Initialize ListClose ListExecute
ListFetch Modify XMLAfterExport XMLBeforeExport
XMLDTD XMLExport XMLExportInternal XMLExportToStream
XMLExportToString XMLGetSchemaImports XMLImport XMLImportInternal
XMLIsObjectEmpty XMLNew XMLSchema XMLSchemaNamespace


• property Comment as %String(MAXLEN=128);
• property Enabled as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Allow to log in via this key.
0 - Disable login.
1 - Enable login.
• property LookupKey as %String(MAXLEN=256) [ Required ];
• property Username as %String(MAXLEN=128);
UserName to be logged in as.


• classmethod Copy(LookupKey As %String, NewLookupKey As %String) as %Status
Copy an X509User.
Copy an existing X509User in the Security database to a new one.
LookupKey - LookupKey of the X509User to be copied.
NewLookupKey - LookupKey of the X509User to be created.
• classmethod Create(LookupKey As %String, Username As %String, Enabled As %Boolean, Comment As %String) as %Status
Create a X509User.
Create a X509User in the Security database.
There are 2 ways to call this method and pass the parameters:

s x=##Class(Security.X509Users).Create(LookupKey,username,...)
s x=##Class(Security.X509Users).Create(LookupKey,.Properties)

Where Properties are contained in an array subscripted by property name, passed by reference. See the Get() method for a description of the Properies array. Valid properties for the Create() method are described below, other values are ignored.
LookupKey - Key used to lookup Username UserName - Name of the user associated with this key
Enabled - 0/1, account is disabled/enabled
Comment - Comment
• classmethod Delete(LookupKey As %String) as %Status
Delete an X509User.
This method will delete a User from the security database.
LookupKey - Key to delete
• classmethod Exists(LookupKey As %String, ByRef X509User As %ObjectHandle, ByRef Status As %Status) as %Boolean
X509 User exists.
This method checks for the existence of a user in the security database.
LookupKey - Lookup key of the user to check existence of
Requires the %Admin_Secure:USE privilege to change the $USERNAME value.
Return values:
If Value of the method = 0 (User does not exist, or some error occured)
User = Null
Status = User "x" does not exist, or other error message

If Value of the method = 1 (User exists)
User = Object handle to user
Status = User "x" already exists
• classmethod Export(FileName As %String = "X509UsersExport.xml", ByRef NumExported As %Integer = 0, LookupKeys As %String = "*", Usernames As %String = "*") as %Status
This method exports X509User records to a file in xml format.
Filename - Output file name
NumExported (byref) - Returns number of records exported.
LookupKeys - Comma separated list of Keys to export, "*" = All
Usernames - Comma separated list of Usernames, "*" = All. Export X509Users containing only these usernames
• classmethod Get(LookupKey As %String, ByRef Properties As %String) as %Status
Get a X509User's properties.
Gets a X509User's properties from the security database.
Username - Name of the user to get
Return values:
Properties - Array of properties
Properties("Comment") - Comment
Properties("Enabled") - 0=Disabled, 1=Enabled
Properties("LookupKey") - Key used to find Username
Properties("Username") - Name of associated user
• classmethod GetProperties(X509User As %ObjectHandle, ByRef Properties As %String) as %Status
Get a User's properties.
Gets a User's properties from the security database.
Username - Object handle to a User record
Return values:
Properties - See the Get method for more information on properties returned
• classmethod GetX509LookupKey(CredentialsCandidate As %String) as %String
Return the lookup key (SubjectDN) for an X509 Certificate.
There are four different ways this can be called where:

1) Certificate = DER Encoded X509 Certificate
2) Certificate = PEM Encoded X509 Certificate
3) Certificate = Alias of %SYS.X509Credentials object
4) Certificate = A %SYS.X509Credentials object

If the certificate cannot be found or is invalid, an empty string is returned.
• classmethod Import(FileName As %String = "X509UsersExport.xml", ByRef NumImported As %Integer, Flags As %Integer = 0) as %Status
Import User records from an xml file.
FileName - Filename to import User records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
• classmethod Initialize() as %Status
Initialize the userKey database at installation time.
• classmethod ListClose(ByRef %qHandle As %Binary) as %Status
• classmethod ListExecute(ByRef %qHandle As %Binary, LookupKeys As %String = "*", Usernames As %String = "*") as %Status
• classmethod ListFetch(ByRef %qHandle As %Binary, ByRef Row As %List, ByRef AtEnd As %Integer = 0) as %Status
• classmethod Modify(LookupKey As %String, ByRef Properties As %String) as %Status
Modify a X509User's properties.
Modifies a X509User's properties from the security database.
LookupKey - Key of the X509User to modify
Properties - Array of properties to modify.
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the properties array, the value is not modified.
If a value is unchanged it is not set to prevent the property modified state from being set.


• query List(LookupKeys As %String, Usernames As %String)
Selects LookupKey As %String, Username As %String, Comment As %String, Enabled As %String
List all userkey records, brief display.
Keys - Comma separated list of userkeys, "*" = All
Usernames - Comma separated list of Usernames, "*"=ALL
Note: This query may change in future versions


•index (LookupKeyIndex on LookupKey) [IdKey,Unique];

Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.