Integrating with InterSystems Security


When using the default CSP mechanism to provide connectivity for Deltanji's browser interface, Deltanji users can be authenticated using standard InterSystems security.

1. Set up your InterSystems user accounts in Management Portal.

2. Unless you need to use different credentials to control user access to Deltanji's Beyond Compare server, disable the setting of Deltanji passwords on user accounts as follows:

s ^%vcvc("authenticateInCache")=1

3. Define users in Deltanji.

Notes:

  • A Deltanji username must match an InterSystems security username, or must specify an alias that matches.
  • Password fields in the Deltanji user setup dialog should only be set if they are required for restricting access to Beyond Compare independently of InterSystems security.
  • A newly-installed Deltanji instance will have one predefined username. If you need to discover what it is (e.g. in order to connect to the Deltanji UI and set up more users), run this command in the DELTANJI namespace: w $o(^%vcmf("user",""))

4. Configure the Deltanji web application in Management Portal. Set the checkboxes in the 'Allowed authentication methods' field as follows:

  • Unauthenticated: not checked
  • Password (and/or other authentication methods applicable at your site): checked

Deltanji users will need sufficient Caché-level privileges to access all relevant databases, including write permission on the Deltanji repository database itself and remote task server databases where applicable. They will also need the %System_Callout:U privilege in order to issue operating system commands (e.g. for manipulating a file component's read-only attribute). One way of providing these privileges to users is to do the following in Management Portal:

  1. Create a role named DeltanjiUser.
  2. Grant the DeltanjiUser role both Read and Write permissions on the resource controlling your DELTANJI database. That resource is typically called %DB_DELTANJI.
  3. If Deltanji is managing code on other machines via task servers, grant to the DeltanjiUser role both Read and Write permissions on the resource controlling your remote DELTANJI-LOCAL databases. That resource is typically called %DB_DELTANJI-LOCAL.
  4. Grant the DeltanjiUser role Use permission on the %System_Callout resource.
  5. If possible, grant the DeltanjiUser role Read permission on the %DB_CACHESYS resource. Without this permission Deltanji will be unable to manage CSP or CSR component types in M-format storage, and when used to manage code on other machines via task servers you may experience long pauses accessing remote locations when ECP data servers are unreachable.
  6. Add the DeltanjiUser role as an Application Role for the Deltanji web application, which is typically named /deltanji.
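
The settings from step 4 and the role list above can be checked from code after the Portal changes are made. The following class is an added example, not part of Deltanji or InterSystems code. It assumes the names this page calls typical (/deltanji, DeltanjiUser, %DB_DELTANJI), the AutheEnabled bit values 32 (Password) and 64 (Unauthenticated), and the list formats returned by the Security classes in %SYS; the class name Example.DeltanjiSecAudit is hypothetical.

```objectscript
/// Added example (not Deltanji or InterSystems code): audits the settings described above.
/// Assumes the names this page calls typical: /deltanji, DeltanjiUser, %DB_DELTANJI.
Class Example.DeltanjiSecAudit Extends %RegisteredObject
{

/// Returns 1 if every check passes, 0 otherwise. Needs rights to read security settings.
ClassMethod Check(app As %String = "/deltanji", role As %String = "DeltanjiUser") As %Boolean
{
    new $namespace
    set $namespace = "%SYS"    // the Security.* classes are only available in %SYS
    set ok = 1

    set sc = ##class(Security.Applications).Get(app, .ap)
    if $system.Status.IsError(sc) { write "FAIL: cannot read web application ", app, ! quit 0 }
    // AutheEnabled is a bitmask (assumed values): 32 = Password, 64 = Unauthenticated
    if $zboolean(+ap("AutheEnabled"), 64, 1) { write "FAIL: Unauthenticated is checked on ", app, ! set ok = 0 }
    if '$zboolean(+ap("AutheEnabled"), 32, 1) { write "NOTE: Password is not checked on ", app, ! }

    // Application roles are MatchRoles entries with an empty match role, e.g. ":DeltanjiUser"
    set isAppRole = 0
    for i=1:1:$length(ap("MatchRoles"), ",") {
        set entry = $zconvert($piece(ap("MatchRoles"), ",", i), "L")
        if ($piece(entry, ":", 1) = "") && ((entry_":") [ (":"_$zconvert(role, "L")_":")) { set isAppRole = 1 }
    }
    if 'isAppRole { write "FAIL: ", role, " is not an Application Role of ", app, ! set ok = 0 }

    set sc = ##class(Security.Roles).Get(role, .rp)
    if $system.Status.IsError(sc) { write "FAIL: role ", role, " not found", ! quit 0 }
    // Resources is a comma-separated list of resource:permission pairs
    set required = $listbuild("%DB_DELTANJI:RW", "%System_Callout:U")
    for i=1:1:$listlength(required) {
        set res = $piece($list(required, i), ":", 1), need = $piece($list(required, i), ":", 2)
        set have = ""
        for j=1:1:$length(rp("Resources"), ",") {
            set pair = $piece(rp("Resources"), ",", j)
            if $piece(pair, ":", 1) = res { set have = $piece(pair, ":", 2) }
        }
        for k=1:1:$length(need) {
            if have '[ $extract(need, k) { write "FAIL: ", role, " lacks ", $extract(need, k), " on ", res, ! set ok = 0 }
        }
    }
    quit ok
}

}
```

Run it with `write ##class(Example.DeltanjiSecAudit).Check()`; it only reads settings and changes nothing.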

When the 'Password' authentication method is being used, the standard InterSystems dialogs are displayed for obtaining credentials and for handling any mandatory changing of password at login time. Optionally, Deltanji variants of these dialogs can be specified as follows.

1. Ensure that the InterSystems account under which your CSP Web Gateway initially authenticates to Caché (typically the CSPSystem account) has READ permission on your DELTANJI database. For instance, if the DELTANJI database is controlled by the %DB_DELTANJI resource, either grant the account the associated %DB_DELTANJI role, or set a public READ permission on the %DB_DELTANJI resource. If this is not done, all users of the Deltanji web UI are likely to get HTTP 404 errors. If changes have to be made in Portal it may be necessary to close existing connections from the web server to the Caché server before the changes take effect.

2. Alter the Deltanji web application in Management Portal to use the following classes for its custom pages:

  • Login Page: Client.Login.cls
  • Change Password Page: Client.PasswordChange.cls

The Deltanji variants of these pages display the Deltanji site title in their titlebar and do not show the Caché instance name.


See Also: Users and Access Controls, Managing Users and Access Controls