Class Reference
IRIS for UNIX 2019.2
InterSystems: The power behind what matters   
Documentation  Search
  [%SYS] >  [Security] >  [X509Users]
Private  Storage   

persistent class Security.X509Users extends %Persistent, %XML.Adaptor, %SYSTEM.Help

This class maps a key to a User. The keys should be obtained from X509 certificates. Use X509Users.GetLookupKey() go get a standard key from a certificate.

Inventory

Parameters Properties Methods Queries Indices ForeignKeys Triggers
4 14 1 1


Summary

Properties
%Concurrency Comment Enabled LookupKey Username

Methods
%%OIDGet %1Check %AddJrnObjToSyncSet %AddToSaveSet
%AddToSyncSet %BMEBuilt %BindExport %BuildIndices
%BuildIndicesSegment %BuildObjectGraph %CheckConstraints %CheckConstraintsForExtent
%ClassIsLatestVersion %ClassName %Close %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %DowngradeConcurrency
%ExecuteAfterTriggers %ExecuteBeforeTriggers %Exists %ExistsId
%Extends %FileIndices %FileIndicesBuffered %GUID
%GUIDSet %GetLock %GetParameter %GetSwizzleObject
%Id %IncrementCount %InsertBatch %IsA
%IsModified %IsNull %JournalObject %KillExtent
%KillExtentData %LoadFromMemory %LockExtent %LockId
%New %NormalizeObject %ObjectIsNull %ObjectModified
%Oid %OnBeforeAddToSync %OnDetermineClass %Open
%OpenId %OriginalNamespace %PackageName %PhysicalAddress
%PurgeIndices %Reload %RemoveFromSaveSet %ResolveConcurrencyConflict
%RollBack %SQLAcquireLock %SQLAcquireTableLock %SQLAfterTriggers
%SQLBeforeTriggers %SQLBuildIndices %SQLBuildPurgeIndexForRow %SQLBuildPurgeIndices
%SQLCheckUnique %SQLCheckUniqueIndices %SQLCheckUniqueKeys %SQLCopyIcolIntoName
%SQLCopyNameIntoIcol %SQLCreateInsDelTables %SQLDefineiDjVars %SQLDelete
%SQLDeleteChildren %SQLDeleteTempStreams %SQLEExit %SQLExists
%SQLFKeyDelLock %SQLFastInsert %SQLFieldValidate %SQLGetLock
%SQLGetOld %SQLGetOldAll %SQLGetOldIndex %SQLInsert
%SQLInsertComputes %SQLInsertStreams %SQLInvalid %SQLInvalid2
%SQLMVDelete %SQLMVIndexDelete %SQLMVIndexInsert %SQLMVIndexUpdate
%SQLMVInsert %SQLMVUpdate %SQLMissing %SQLNormalizeCompFields
%SQLNormalizeFields %SQLPurgeIndices %SQLQuickBulkInsert %SQLQuickBulkLoad
%SQLQuickBulkSave %SQLQuickBulkUpdate %SQLQuickDelete %SQLQuickDeleteChildren
%SQLQuickFindPKeyByRowID %SQLQuickFindRowIDByPKey %SQLQuickInsert %SQLQuickLoad
%SQLQuickLoadChildren %SQLQuickLogicalToOdbc %SQLQuickOdbcToLogical %SQLQuickUpdate
%SQLReleaseLock %SQLReleaseTableLock %SQLStorageValidation %SQLTrigDelTab
%SQLTrigInsTab %SQLUnlock %SQLUnlock2 %SQLUnlockError
%SQLUnlockRef %SQLUpdate %SQLUpdateComputes %SQLUpdateStreams
%SQLValidateCompFields %SQLValidateFields %SQLicompView %SQLnBuild
%Save %SaveDirect %SaveIndices %SerializeObject
%SetModified %SortBegin %SortEnd %SyncObjectIn
%SyncTransport %UnlockExtent %UnlockId %UpgradeConcurrency
%ValidateIndices %ValidateObject %XMLGenerate Copy
Create Delete Exists Export
Get GetProperties GetX509LookupKey Help
Import Initialize ListClose ListExecute
ListFetch Modify XMLAfterExport XMLBeforeExport
XMLDTD XMLExport XMLExportInternal XMLExportToStream
XMLExportToString XMLGetSchemaImports XMLImport XMLImportInternal
XMLIsObjectEmpty XMLNew XMLSchema XMLSchemaNamespace
XMLSchemaType


Properties

• property Comment as %String(MAXLEN=128);
Comment.
• property Enabled as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Allow to log in via this key.
0 - Disable login.
1 - Enable login.
• property LookupKey as %String(MAXLEN=256) [ Required ];
Comment.
• property Username as %String(MAXLEN=128);
UserName to be logged in as.

Methods

• classmethod Copy(LookupKey As %String, NewLookupKey As %String) as %Status
Copy an X509User.
Copy an existing X509User in the Security database to a new one.
Parameters:
LookupKey - LookupKey of the X509User to be copied.
NewLookupKey - LookupKey of the X509User to be created.
• classmethod Create(LookupKey As %String, Username As %String, Enabled As %Boolean, Comment As %String) as %Status
Create a X509User.
Create a X509User in the Security database.
There are 2 ways to call this method and pass the parameters:

s x=##Class(Security.X509Users).Create(LookupKey,username,...)
or
s x=##Class(Security.X509Users).Create(LookupKey,.Properties)

Where Properties are contained in an array subscripted by property name, passed by reference. See the Get() method for a description of the Properies array. Valid properties for the Create() method are described below, other values are ignored.
Parameters:
LookupKey - Key used to lookup Username UserName - Name of the user associated with this key
Enabled - 0/1, account is disabled/enabled
Comment - Comment
• classmethod Delete(LookupKey As %String) as %Status
Delete an X509User.
This method will delete a User from the security database.
Parameters:
LookupKey - Key to delete
• classmethod Exists(LookupKey As %String, ByRef X509User As %ObjectHandle, ByRef Status As %Status) as %Boolean
X509 User exists.
This method checks for the existence of a user in the security database.
Parameters:
LookupKey - Lookup key of the user to check existence of
Requires the %Admin_Secure:USE privilege to change the $USERNAME value.
Return values:
If Value of the method = 0 (User does not exist, or some error occured)
User = Null
Status = User "x" does not exist, or other error message

If Value of the method = 1 (User exists)
User = Object handle to user
Status = User "x" already exists
• classmethod Export(FileName As %String = "X509UsersExport.xml", ByRef NumExported As %Integer = 0, LookupKeys As %String = "*", Usernames As %String = "*") as %Status
This method exports X509User records to a file in xml format.
Parameters:
Filename - Output file name
NumExported (byref) - Returns number of records exported.
LookupKeys - Comma separated list of Keys to export, "*" = All
Usernames - Comma separated list of Usernames, "*" = All. Export X509Users containing only these usernames
• classmethod Get(LookupKey As %String, ByRef Properties As %String) as %Status
Get a X509User's properties.
Gets a X509User's properties from the security database.
Parameters:
Username - Name of the user to get
Return values:
Properties - Array of properties
Properties("Comment") - Comment
Properties("Enabled") - 0=Disabled, 1=Enabled
Properties("LookupKey") - Key used to find Username
Properties("Username") - Name of associated user
• classmethod GetProperties(X509User As %ObjectHandle, ByRef Properties As %String) as %Status
Get a User's properties.
Gets a User's properties from the security database.
Parameters:
Username - Object handle to a User record
Return values:
Properties - See the Get method for more information on properties returned
• classmethod GetX509LookupKey(CredentialsCandidate As %String) as %String
Return the lookup key (SubjectDN) for an X509 Certificate.
There are four different ways this can be called where:

1) Certificate = DER Encoded X509 Certificate
2) Certificate = PEM Encoded X509 Certificate
3) Certificate = Alias of %SYS.X509Credentials object
4) Certificate = A %SYS.X509Credentials object

If the certificate cannot be found or is invalid, an empty string is returned.
• classmethod Import(FileName As %String = "X509UsersExport.xml", ByRef NumImported As %Integer, Flags As %Integer = 0) as %Status
Import User records from an xml file.
Parameters:
FileName - Filename to import User records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
• classmethod Initialize() as %Status
Initialize the userKey database at installation time.
• classmethod ListClose(ByRef %qHandle As %Binary) as %Status
• classmethod ListExecute(ByRef %qHandle As %Binary, LookupKeys As %String = "*", Usernames As %String = "*") as %Status
• classmethod ListFetch(ByRef %qHandle As %Binary, ByRef Row As %List, ByRef AtEnd As %Integer = 0) as %Status
• classmethod Modify(LookupKey As %String, ByRef Properties As %String) as %Status
Modify a X509User's properties.
Modifies a X509User's properties from the security database.
Parameters:
LookupKey - Key of the X509User to modify
Properties - Array of properties to modify.
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the properties array, the value is not modified.
If a value is unchanged it is not set to prevent the property modified state from being set.

Queries

• query List(LookupKeys As %String, Usernames As %String)
Selects LookupKey As %String, Username As %String, Comment As %String, Enabled As %String
List all userkey records, brief display.
Keys - Comma separated list of userkeys, "*" = All
Usernames - Comma separated list of Usernames, "*"=ALL
Note: This query may change in future versions

Indices

•index (LookupKeyIndex on LookupKey) [IdKey,Unique];


Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.