Integrating with InterSystems Security


When using the default CSP mechanism to provide connectivity for Deltanji's browser interface, Deltanji users can be authenticated using standard InterSystems security.

1. Set up your InterSystems user accounts in Management Portal.

2. Unless you need to use different credentials to control user access to Deltanji's Beyond Compare server, disable the setting of Deltanji passwords on user accounts as follows:

s ^%vcvc("authenticateInCache")=1

3. Define users in Deltanji.

Notes:

  • A Deltanji username must match an InterSystems security username, or must specify an alias that matches.
  • Password fields in the Deltanji user setup dialog should only be set if they are required for restricting access to Beyond Compare independently of InterSystems security.
  • A newly-installed Deltanji instance will have one predefined username. If you need to discover what it is (e.g. in order to connect to the Deltanji UI and set up more users), run this command in the DELTANJI namespace: w $o(^%vcmf("user",""))

4. Configure the Deltanji web application in Management Portal. Set the checkboxes in the 'Allowed authentication methods' field as follows:

  • Unauthenticated: not checked
  • Password (and/or other authentication methods applicable at your site): checked

Deltanji users will need sufficient Caché-level privileges to access all relevant databases, including write permission on the Deltanji repository database itself and remote task server databases where applicable. They will also need the %System_Callout:U privilege in order to issue operating system commands (e.g. for manipulating a file component's read-only attribute). One way of providing these privileges to users is to do the following in Management Portal:

  1. Create a role named DeltanjiUser.
  2. Grant to the DeltanjiUser role both Read and Write permissions on the resource controlling your DELTANJI database. That resource is typically called %DB_DELTANJI.
  3. If Deltanji is managing code on other machines via task servers, grant to the DeltanjiUser role both Read and Write permissions on the resource controlling your remote DELTANJI-LOCAL databases. That resource is typically called %DB_DELTANJI-LOCAL.
  4. Grant to the DeltanjiUser role the Use permission on the %System_Callout resource.
  5. Add the DeltanjiUser role as an Application Role for the Deltanji web application, which is typically named /deltanji.
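The role setup above can also be scripted and the web application's authentication settings checked from a terminal. This routine is an added example, not code from Deltanji or InterSystems. It assumes the typical names given on this page (DeltanjiUser, %DB_DELTANJI, /deltanji), a user allowed to administer security in %SYS, and that AutheEnabled and MatchRoles are stored as described in the comments.

```objectscript
DeltanjiSec ; Added example: create the DeltanjiUser role and audit the /deltanji web app
    new $namespace
    set $namespace="%SYS"   ; the Security.* classes live in %SYS
    set role="DeltanjiUser",app="/deltanji"
    ; Steps 1, 2 and 4: Read/Write on the repository database, Use on %System_Callout.
    ; Append ",%DB_DELTANJI-LOCAL:RW" if task servers are in use (step 3).
    set resources="%DB_DELTANJI:RW,%System_Callout:U"
    if '##class(Security.Roles).Exists(role) {
        set sc=##class(Security.Roles).Create(role,"Deltanji browser UI users",resources)
        if $system.Status.IsError(sc) { do $system.Status.DisplayError(sc) quit }
        write !,"Created role ",role," with ",resources
    } else {
        write !,"Role ",role," already exists; review its resources in Management Portal"
    }
    ; Read the web application definition into the array p.
    set sc=##class(Security.Applications).Get(app,.p)
    if $system.Status.IsError(sc) { do $system.Status.DisplayError(sc) quit }
    ; Assumption: AutheEnabled is a bit mask where 32 = Password and 64 = Unauthenticated.
    set authe=+$get(p("AutheEnabled"))
    if authe\64#2 { write !,"WARNING: Unauthenticated access is enabled on ",app }
    if '(authe\32#2) { write !,"WARNING: Password authentication is not enabled on ",app }
    ; Step 5. Assumption: application roles are listed in MatchRoles as ":role" entries.
    ; This is a loose substring check; confirm the result in Management Portal.
    if $get(p("MatchRoles"))'[(":"_role) {
        write !,"WARNING: ",role," is not an Application Role on ",app
    }
    write !,"Check complete for ",app,!
    quit
```

The routine only writes to the security database when the role is missing; the web application is read and reported on, not modified.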


See Also: Users and Access Controls, Managing Users and Access Controls