esi-security

esi-security library provides helper functionality to create profiles and security references

Available functions

All functions have to be called according to the ESI standard, using colons, e.g. lib:FUNCTIONNAME(params)

HAS_SECURITY_REFERENCES

UPSERT_SECURITY_REFERENCES

SET_SECURITY_MASTER

SET_SECURITY_LOCAL

Documentation

HAS_SECURITY_REFERENCES(refObject)

This method checks if an object has security references

Parameters

refObject

the inmation object that is checked for security references

Returns

  • bool true if object has security references

  • table table with all security references of this object

Usage

local LIB = require "esi-security"
local coreObj = syslib.getobject("/System/Core")
local hasSecRefs, secRefs = LIB:HAS_SECURITY_REFERENCES(coreObj)

UPSERT_SECURITY_REFERENCES(refObjects,profilesWithRefs)

This method upserts security references for list of provided objects, and will apply all provided profiles to each object.

Converts possible inherited references of parent to explicit reference to referenced object Add list references to parent if needed Add possible implicit list references of children to referenced object

Parameters

refObjects

List of inmation objects, that will receive security references

profiles

List of objects of type profile, in syslib.mass format.

Usage

local LIB = require "esi-security"
local refObjects = { syslib.getobject("/System/Core"), syslib.getobject("/MY_ENTERPRISE") }
local ModelAccess = syslib.model.flags.ProfileModelAccess
local UserAccess = syslib.model.flags.ProfileUserAccessControl
local SecurityAtts = syslib.model.flags.SecurityAttributes
local profiles = {
{
["ObjectName"] = "Global-Readers",
class = syslib.model.classes.Profile,
["ProfileUserAccess"] = UserAccess.USR_ACC_CTRL_DATA_STUDIO | UserAccess.USR_ACC_CTRL_DATA_WEB,
["ProfileModelAccess"] = ModelAccess.PRF_MDL_ACC_IO | ModelAccess.PRF_MDL_ACC_KPI,
securityRefs = {
value = SecurityAtts.LIST | SecurityAtts.READ | SecurityAtts.INHERITABLE
}
}
}
lib:UPSERT_SECURITY_REFERENCES(refObjects, profiles)

SET_SECURITY_MASTER(args)

This method creates profiles and security references for a Master-Core object.

Parameters

args

table containing method parameters

adname

Name for active directory, that created groups are part of.

groupprefix

Prefix for active directory groups.

emg_user

Username of an emergency user, that is unrelated to the active directory.

emg_user_description

Description for the emergency user.

hasEngineers

If non-nil, result will include 2 reader profiles (one with DataStudio 'readers', one without DataStudio permissions 'engineers'). If nil, the 'readers' profile has permissions for DataStudio.

spprefix

Prefix for service users. If not set, the prefix "FU" will be used.

Usage

local LIB = require "esi-security"
local args = {
adname = "mycorp.com",
groupprefix = "G-MYPREFIX",
emg_user = "emg_user",
emg_user_description = "this is the emergency user for mycorp.com",
}
LIB:SET_SECURITY_MASTER(args)

SET_SECURITY_LOCAL(args)

This method creates profiles and security references for a Local-Core object.

Parameters

args

table containing method parameters

adname

Name for active directory, that created groups are part of.

groupprefix

Prefix for active directory groups.

shortcode

Shortcode for the Local-Core object (shortcode == Core ObjectName)

hasEngineers

If non-nil, result will include 2 reader profiles (one with DataStudio 'readers', one without DataStudio permissions 'engineers'). If nil, the 'readers' profile has permissions for DataStudio.

spprefix

Prefix for service users. If not set, the prefix "FU" will be used.

hasVkpi

If non-nil, a VKPI profile will be created for each site

hasMES

If non-nil, an MES profile will be created for each site

Usage

local LIB = require "esi-security"
local args = {
adname = "mycorp.com",
groupprefix = "G-MYPREFIX",
shortcode = "MYSITE",
}
LIB:SET_SECURITY_LOCAL(args)