New post
Question
· Mar 13, 2020

Adding Resources to a Newly Created Role

#Security #Caché

I am attempting to pragmatically create a bunch of roles and then assign the appropriate resources to that role.

Currently, the only ways to add resources to a role are to:

1. Do through Management Portal

2. Go through ^SECURITY (add resource one at a time)

 

My Intention would be to do the following: do ^SECURITY Role Setup Edit Role When prompted for resources to add, be able to use *

 

Additionally, I was thinking that an additional method can either exist (that I seem to can't find) or create a new method called AddResources: ##Class(Security.Roles).AddResources("role name", "resources to add [can use * for all]")

 

Any thoughts or maybe another way to work around this? 

Discussion (2)1
Log in or sign up to continue
Eduard Lebedyuk · Mar 14, 2020

Open role as an object (note lowercase):

set role = "%db_cachetemp"
set roleObj = ##class(Security.Roles).%OpenId(role)

Create required resource as an object:

set resouceObj = ##class(Security.Resource).%New()
/// set resource

Insert resource into the role and save the role

do roleObj.Resources.Insert(resourceObj)
set sc = roleObj.%Save()

And role has a new resource.

0 0
Steve Clay · Mar 16, 2020

You can use the Get and Modify methods in coordination with the Security.Resources:List() query (which allows wildcards). Here is some

untested code which will give you an idea of what you can do:

%SYS>s x=##Class(Security.Roles).Get("%developer",.Properties)
 
%SYS>zw Properties
Properties("Description")="A Role owned by all Developers"
Properties("GrantedRoles")=""
Properties("Resources")="%DB_%DEFAULT:RW,%DB_IRISLIB:R,%DB_IRISLOCALDATA:R,%DB_IRISTEMP:RW,%DB_USER:RW,%Development:U,%DocDB_Admin:U,%Service_Console:U,%Service_DocDB:U,%Service_Object:U,%Service_SQL:U,%Service_Telnet:U,%Service_Terminal:U,%Service_WebGateway:U,%System_CallOut:U"

;Now get the list of resources you want using a result set.

Set Rset = ##class(%ResultSet).%New("Security.Resources:List")
 '$$$ISOK(Rset) $SYSTEM.Status.DisplayError(%objlasterror) q
 Status=Rset.Execute("*") ; See class documentation of what you can use for wildcards here
 '$$$ISOK(Status) Do $System.OBJ.DisplayError(Status) q

s ResourceString=""

 While Rset.Next(.Status) {
 s Resource=Rset.Data("Name")
s ResourceString=ResourceString_Resource_":RW"_","

}

 '$$$ISOK(Status) Do $System.OBJ.DisplayError(Status) q
s ResourceString=$e(ResourceString,1,*-1) ; Remove trailing comma
;Now add to the existing resource string. Duplicates are ignored.

s Properties(Resources)=Properties("Resources")_","_ResourceString

;Now save it

s Status=##Class(Security.Roles).Modify("%developer",.Properties)

0 0