Announcement
· Jul. 14

IRISSECURITY

InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. IRISSECURITY cannot be mirrored, but support is planned for a future version.

This version also introduces the %SecurityAdministrator role for general security administration tasks. 

When you upgrade to InterSystems IRIS 2025.2, all security data is automatically moved from IRISSYS to the new IRISSECURITY database. 

Before You Upgrade 

IRISSECURITY makes several potentially breaking changes to how users interact with security data: 

  • Users can no longer directly access security globals and must instead use the APIs provided by the various security classes.
  • OAuth2 globals can no longer be mapped to a different database.
  • Users can no longer arbitrarily query security tables, even when SQL security is disabled. 
  • System databases now use predefined resources that cannot be changed. If you created and assigned a new resource to a system database in a previous version, it will be replaced by the predefined resource when you upgrade. 

The following sections go into detail about these changes and what you should do instead if you depended on the original behavior, but in general, before you upgrade, you should verify and test that your applications and macros: 

  • Use the provided security APIs to administer security (as opposed to direct global access). 
  • Have the necessary permissions (%DB_IRISSYS:R and %Admin_Secure:U) for using those APIs.

Global Access 

Previously, when security globals were stored in the IRISSYS database, users could access security data with the following privileges: 

  • %DB_IRISSYS:R: Read security globals both directly and through security APIs.
  • %DB_IRISSYS:RW: Read and write security globals. 
  • %DB_IRISSYS:RW and %Admin_Secure:U: Administer security through security APIs.

In InterSystems IRIS 2025.2: 

  • Users can no longer access security globals directly.
  • %DB_IRISSYS:R and %Admin_Secure:U together are the minimum privileges needed to access security data (through the provided security APIs) and to administer security through the various security classes.
  • For general security administration, you can use the new %SecurityAdministrator role. 
  • Read-only access to security data (previously available through %DB_IRISSYS:R) has been removed. 

OAuth2 Global Mapping

Previously, you could map OAuth2 globals to a different database, which allowed OAuth2 configurations to be mirrored.

In InterSystems IRIS 2025.2, OAuth2 globals can no longer be mapped, and IRISSECURITY cannot be mirrored. If you depended on this behavior for mirroring, you can use any of the following workarounds:

  • Manually make changes to both the primary and failover.
  • Export the settings from the primary and then import them to the failover.

To export OAuth2 configuration data: 

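// Build the export item name for the OAuth2 security global in IRISSECURITY
set items = $name(^|"^^:ds:IRISSECURITY"|SECURITY("OAuth2"))_".gbl"
// Destination file for the exported global
set filename = "/home/oauth2data.gbl"
do $SYSTEM.OBJ.Export(items,filename)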

To import OAuth2 configuration data:

// filename is the path to the exported .gbl file, as set in the export step
do $SYSTEM.OBJ.Import(filename)

SQL Security 

Previously, SQL security was controlled by the CPF parameter DBMSSecurity. When DBMSSecurity was disabled, users with SQL privileges could arbitrarily query all tables in the database. 

In InterSystems IRIS 2025.2:

  • The DBMSSecurity CPF parameter has been replaced with the system-wide SQL security property (accessible from System Administration > Security > System Security > System-wide Security Parameters > Enable SQL security).
  • Security tables can now only be queried through the Detail and List APIs, which require both %DB_IRISSYS:R and %Admin_Secure:U even when SQL security is disabled. 

For example, to get a list of roles, you can no longer directly query the Security.Roles table. Instead, you should use the Security.Roles_List() query:

SELECT Name, Description FROM Security.Roles_List()
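
The Global Access and SQL Security changes above mean that code which read role data from globals or from the Security.Roles table has to go through the security classes instead. The following is an added example, not InterSystems' own code: the class name Demo.SecurityAccess, the method names and the error texts are hypothetical, and it assumes the caller is allowed to switch to the %SYS namespace.

```objectscript
/// Added example (hypothetical class): reads role data through the security APIs
/// instead of touching security globals or the Security.Roles table directly.
Class Demo.SecurityAccess Extends %RegisteredObject
{

/// Returns the description and resources of one role via Security.Roles.Get().
ClassMethod GetRole(name As %String, Output desc As %String, Output resources As %String) As %Status
{
    // Security classes live in %SYS; NEW restores the caller's namespace on exit.
    new $namespace
    set $namespace = "%SYS"
    // 2025.2 minimum for any security API call: %DB_IRISSYS:R plus %Admin_Secure:U.
    if '($SYSTEM.Security.Check("%DB_IRISSYS", "READ") && $SYSTEM.Security.Check("%Admin_Secure", "USE")) {
        return $SYSTEM.Status.Error(5001, "Caller lacks %DB_IRISSYS:R or %Admin_Secure:U")
    }
    set sc = ##class(Security.Roles).Get(name, .props)
    if $SYSTEM.Status.IsError(sc) { return sc }
    set desc = $get(props("Description"))
    set resources = $get(props("Resources"))
    return sc
}

/// Lists roles with the Security.Roles_List() query shown on this page.
ClassMethod ListRoles() As %Status
{
    new $namespace
    set $namespace = "%SYS"
    set rs = ##class(%SQL.Statement).%ExecDirect(, "SELECT Name, Description FROM Security.Roles_List()")
    if rs.%SQLCODE < 0 {
        return $SYSTEM.Status.Error(5001, "SQLCODE "_rs.%SQLCODE_": "_rs.%Message)
    }
    while rs.%Next() {
        write rs.%Get("Name"), " - ", rs.%Get("Description"), !
    }
    return $SYSTEM.Status.OK()
}

}
```

Running both methods as the application's service account on a 2025.2 test instance is a quick way to confirm the account holds the required privileges before the production upgrade.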

Encrypting IRISSECURITY 

To encrypt IRISSECURITY, use the following procedure: 

  1. Create a new encryption key. Go to System Administration > Encryption > Create New Encryption Key File and specify the following:
    • Key File – The name of the encryption key. 
    • Administrator Name – The name of the administrator. 
    • Password – The password for the key file. 
  2. Activate the encryption key. Go to System Administration > Encryption > Database Encryption and select Activate Key, specifying the Key File, Administrator Name, and Password from step 1. 
  3. Go to System Administration > Encryption > Database Encryption and select Configure Startup Settings.
  4. From the Key Activation at Startup dropdown menu, select a key activation method. InterSystems highly recommends Interactive key activation.
  5. From the Encrypt IRISSECURITY Database dropdown, select Yes.
  6. Restart your system to encrypt IRISSECURITY. 

Percent-class Access Rules 

In previous versions of InterSystems IRIS, the procedure for managing a web application’s access to additional percent classes involved writing to security globals. You can accomplish this in InterSystems IRIS 2025.2 through the Management Portal or the ^SECURITY routine. 

Management Portal 

To create a percent-class access rule with the Management Portal: 

  1. Go to System Administration > Security > Web Applications
  2. Select your web application.
  3. In the Percent Class Access tab, set the following options: 
    • Type: Controls whether the rule applies to the application’s access to just the specified percent class (AllowClass) or all classes that contain the specified prefix (AllowPrefix). 
    • Class name: The percent class or prefix to give the application access to. 
    • Allow access: Whether to give the application access to the specified percent class or package. 
    • Add this same access to ALL applications: Whether to apply the rule for all applications. 

^SECURITY 

To create a class access rule with the ^SECURITY routine:

  1. From the %SYS namespace, run the ^SECURITY routine:
    DO ^SECURITY
  2. Choose options 5, 1, 8, and 1 to enter the class access rule prompt. 
  3. Follow the prompts, specifying the following:
    • Application? – The name of the application. 
    • Allow type? – Whether the rule applies to the application's ability to access a particular class (AllowClass) or all classes that contain the specified prefix (AllowPrefix). 
    • Class or package name? – The class or prefix to give the application access to. 
    • Allow access? – Whether to give the application access to the specified class or package. 
Digest
· Jul. 14

InterSystems Developers Publications, Week July 07 - 13, 2025, Digest

Articles
#InterSystems IRIS
#Other
Announcements
#InterSystems IRIS
#Job Wanted
#HealthShare
#IRIS contest
#Developer Community Official
Questions
#InterSystems IRIS
Is there a way to specify a number of IRISDB processes to be kept alive for serving requests and background jobs ?
By Norman W. Freeman
pdf in zen report
By Fabio Garaffoni
FHIR Patient Resource Response does not map to FHIRModel.R4.Patient
By Scott Roth
Enabling Delegated Authentication with IPM via module.xml
By Justin Millette
Error while connecting the studio
By Ashok Kumar T
Why isn't my SearchTable Generating Anything When I Run BuildTable
By Victor Castanon
How to change the Address in InterSystems Trakcare for Objectscript
By steven Henry
how to solve
in logi report
By steven Henry
Seeking Guidance on System Upgrade from Caché to IRIS using ECP
By Infant Livingston
Display date format in DD-MM-YYYY
By steven Henry
Persistent Python DB-API Connection Issues (SSL Error) to IRIS CE Docker despite SSL disabled
By Kunal Tiwari
Repeating message in Studio: "^Sources is not setup so hooks will not work"
By Ronaldo Nascimento
#InterSystems IRIS for Health
#Other
#Ensemble
#Caché
#HealthShare
July 07 - 13, 2025 | Week at a Glance | InterSystems Developer Community
Announcement
· Jul. 14

[Video] Care Compass – InterSystems IRIS powered RAG AI assistant for Care Managers

#InterSystems Demo Games entry


⏯️ Care Compass – InterSystems IRIS powered RAG AI assistant for Care Managers

Care Compass is a prototype AI assistant that helps caseworkers prioritize clients by analyzing clinical and social data. Using Retrieval Augmented Generation (RAG) and large language models, it generates narrative risk summaries, calculates dynamic risk scores, and recommends next steps. The goal is to reduce preventable ER visits and support early, informed interventions.

Presenters:
🗣 @Brad Nissenbaum, Sales Engineer, InterSystems
🗣 @Andrew Wardly, Sales Engineer, InterSystems
🗣 @Fan Ji, Solution Developer, InterSystems
🗣 @Lynn Wu, Sales Engineer, InterSystems

👉 Like this demo? Support the team by voting for it in the Demo Games!

Announcement
· Jul. 14

Technology Bonuses for the InterSystems Developer Tools Contest 2025

Here are the technology bonuses for the InterSystems Developer Tools Contest 2025 that will give you extra points in the voting:

  • IRIS Vector Search usage - 3
  • Embedded Python usage - 3
  • InterSystems Interoperability - 3
  • InterSystems IRIS BI - 3
  • VSCode Plugin - 3
  • FHIR Tools - 3
  • Docker container usage - 2
  • ZPM Package Deployment - 2
  • Implement InterSystems Community Idea - 4
  • Find a bug in Embedded Python - 2
  • Article on Developer Community - 2
  • The second article on Developer Community - 1
  • Video on YouTube - 3
  • First Time Contribution - 3
See the details below.

IRIS Vector Search - 3 points

Starting with the 2024.1 release, InterSystems IRIS contains a new technology, vector search, that lets you build vectors over InterSystems IRIS data and search already indexed vectors. Use it in your solution and collect 3 bonus points. Here is the demo project that leverages it.

Embedded Python - 3 points

Use Embedded Python in your application and collect 3 extra points. You'll need at least InterSystems IRIS 2021.2 for it.

InterSystems Interoperability - 3 points

Make a tool to enhance the developer experience or to maintain, monitor or use the InterSystems Interoperability engine. Interoperability tool example. Interoperability adapter example. Basic Interoperability template. Python Interoperability template.

InterSystems IRIS BI - 3 points

Develop a tool that improves the developer experience or uses the InterSystems IRIS BI feature of the IRIS platform. Examples: DeepSeeWeb, IRIS BI Utils, AnalyzeThis. IRIS BI Analytics template.

VSCode Plugin - 3 points

Develop a plugin for the Visual Studio Code editor that helps developers work with InterSystems IRIS. Examples: VSCode ObjectScript, CommentToObjectScript, OEX-VSCode-snippets-Example, irislab, vscode-snippets-template and more.

FHIR Tools - 3 points

Develop a tool that helps to develop and maintain FHIR applications in InterSystems IRIS or helps with FHIR enablement tools, such as FHIR SQL Builder, FHIR Object Model and InterSystems FHIR Server. Here is a basic InterSystems FHIR template and examples of FHIR-related tools.

Docker container usage - 2 points

The application gets a 'Docker container' bonus if it uses InterSystems IRIS running in a Docker container. Here is the simplest template to start from.

ZPM Package deployment - 2 points

You can collect the bonus if you build and publish the ZPM (ObjectScript Package Manager) package for your Full-Stack application so it can be deployed with the

zpm "install your-multi-model-solution"

command on IRIS with the ZPM client installed.

ZPM client. Documentation.

Implement Community Opportunity Idea - 4 points

Implement any idea related to developer tools from the InterSystems Community Ideas portal that has the "Community Opportunity" status. This will give you 4 additional bonus points.

Find a bug in Embedded Python - 2 points
We want broader adoption of InterSystems Embedded Python, so we encourage you to report the bugs you encounter while developing your Python application with IRIS so that they can be fixed. Please submit the bug here in the form of an issue, with a description of how to reproduce it. You can collect 2 bonus points for the first reproducible bug.

Article on Developer Community - 2 points

Write a brand new article on Developer Community that describes the features of your project and how to work with it. Collect 2 points for the article. 
*This bonus is subject to the discretion of the experts whose decision is final. 

The Second article on Developer Community - 1 point

You can collect one more bonus point for the second article or the translation of the first article. The second article should go into detail about a feature of your project. The 3rd and more articles will not bring more points, but the attention will be all yours. 
*This bonus is subject to the discretion of the experts whose decision is final.

Video on YouTube - 3 points

Make a YouTube video that demonstrates your product in action and collect 3 bonus points per each. Examples.

First-Time Contribution - 3 points

Collect 3 bonus points if you participate in InterSystems Open Exchange contests for the first time!

The list of bonuses is subject to change. Stay tuned!

Good luck with the competition!

Digest
· Jul. 14

InterSystems Developers Publications, Week July 07 - 13, 2025, Digest

Articles
Announcements
#InterSystems IRIS
#Job Offers
July 07 - 13, 2025 | Week at a Glance | InterSystems Developer Community