0
0
Question Yone Moreno Jiménez · Jul 15

Read-Only Role for HealthShare Messaging and Production Monitoring, to assign it to a new user.

#HealthShare #CSP #Development Environment #Interoperability #Monitoring

Hello InterSystems Community,

I'm working with HealthShare, and need to create a user account for our development environment with specific access requirements. This user will need only to:

    Review messaging and environments
    See production and namespaces
    NOT modify anything (read-only access)

After reviewing the documentation on user roles and rights management, I can see the default roles available in our system include:

Ensemble/Interoperability Roles:

    %EnsRole_Administrator - Interoperability Administrator
    %EnsRole_AlertAdministrator - Interoperability user with administrative Alert access
    %EnsRole_AlertOperator - Interoperability user with Alert access
    %EnsRole_Developer - Interoperability Developer
    %EnsRole_Monitor - Interoperability Monitor
    %EnsRole_Operator - Interoperability Operator

HealthShare Specific Roles:

    %HS_Administrator
    %HS_Clinician
    %HS_Clerical
    Various BFC (Business Function Component) related roles

My Question:

Is there a predefined role in HealthShare that would allow a user to:

    View and navigate through production environments
    Access messaging systems for monitoring/troubleshooting
    Review system status and incidents (event logs)
    BUT prevent any editing or modification capabilities

I'm particularly interested in the %EnsRole_Monitor role - would this be appropriate for read-only access to messaging and production monitoring?

Or should I be looking at creating a custom role by combining specific privileges? If so, what would be the recommended approach for a read-only monitoring user?

Any guidance on best practices for this type of user setup would be greatly appreciated.

Thank you.

I have also read, before asking here:

    https://community.intersystems.com/post/user-roles-and-rights-management
    
    https://docs.intersystems.com/iris20241/csp/docbook/Doc.View.cls?KEY=GS…
    
    https://docs.intersystems.com/iris20241/csp/docbook/Doc.View.cls?KEY=GS…
    

Thank you again sincerely.

Product version: IRIS 2023.1
$ZV: IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2023.1 (Build 235_1U) Fri Jun 2 2023 13:23:04 EDT
Discussion (0)0
Log in or sign up to continue

Comments

Yone Moreno Jiménez · Jul 15

For example, we have created an user "Reader" 

Who has the custom role "rol_Reader" 

Whose privileges are:

    %DB_%DEFAULT     RW
    %DB_ESBSSCC     R
    %Ens_Portal     R
    %Ens_ProductionConfig     R


    
    
But it can not even activate the Interoperability button:

Why?

How could we solve this?

Thank you for your help!

0