InterSystems Ideas
Status Needs review
Categories InterSystems IRIS
Created by Stella Ticker
Created on Dec 6, 2024

Role-Based Access Control for Data and Features

InterSystems IRIS currently supports role-based access control (RBAC) through the use of resources and roles. However, this functionality is not consistently implemented across all features. In some cases, access is granted based on a hardcoded %All role. This means that access to certain resources or data is granted only if a user is assigned the %All role, which is all-powerful and provides unrestricted access. This undermines the principle of least privilege, as users may be granted access to more resources than they need, potentially exposing sensitive data or functionality.

Additionally, there are instances where resource and role assignment mechanisms do not work as intended, which compromises the effectiveness of RBAC. In an era where security threats are increasingly sophisticated and data privacy regulations like HIPAA and GDPR are paramount, ensuring that access controls are strictly role-based is more important than ever.

The rise of health APIs and other sensitive data exchanges further underscores the need for fine-grained RBAC. As healthcare, financial, and other regulated industries handle more interconnected data, it is essential that only authorized personnel have access to specific resources or information.

Enhancing InterSystems IRIS to ensure all access is strictly role-based, with no exceptions for hardcoded permissions like %All, would help ensure better compliance with security principles and regulations, offering administrators full control over user access while adhering to the principle of least privilege.
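The contrast the idea describes, as an added ObjectScript example that is not code from the idea's author or from InterSystems: a hardcoded %All check beside a resource-based check that any least-privilege role can satisfy. The resource name MyApp_PatientData, the role MyApp_Clinician and the class name are assumptions; the setup method must run with %Admin_Secure:USE in the %SYS namespace.

```objectscript
/// Added example (assumed names): resource-based RBAC check versus a hardcoded %All check.
Class MyApp.PatientAccess
{

/// One-time setup (assumed resource and role names): define the resource and a
/// least-privilege role that carries only READ on it. Needs %Admin_Secure:USE.
ClassMethod Setup() As %Status
{
    New $NAMESPACE
    Set $NAMESPACE = "%SYS"
    Set sc = ##class(Security.Resources).Create("MyApp_PatientData", "Patient records", "")
    If $$$ISERR(sc) Quit sc
    // Role definition string: resource:permissions
    Quit ##class(Security.Roles).Create("MyApp_Clinician", "Reads patient data", "MyApp_PatientData:R")
}

/// Anti-pattern the idea describes: only holders of %All pass, so a role such as
/// MyApp_Clinician can never be granted access, however it is configured.
/// ($ROLES is the comma-separated role list of the current user; a substring
/// test on it is also fragile, since it matches any role containing "%All".)
ClassMethod CanReadPatientLegacy() As %Boolean
{
    Quit ($ROLES [ "%All")
}

/// Resource-based check: true for any user whose roles grant READ on the
/// resource, including %All, without naming any role in code.
ClassMethod CanReadPatient() As %Boolean
{
    Quit $SYSTEM.Security.Check("MyApp_PatientData", "READ")
}

/// Feature entry point: deny by default and return a status the caller can log.
ClassMethod ReadPatient(id As %String, Output record As %String) As %Status
{
    Set record = ""
    If '..CanReadPatient() {
        Quit $$$ERROR($$$GeneralError, "Access denied: READ on MyApp_PatientData required for user "_$USERNAME)
    }
    // Constructed placeholder; real code would fetch the record here.
    Set record = "patient "_id
    Quit $$$OK
}

}
```

Run Setup() once, assign MyApp_Clinician to a test user, and compare CanReadPatientLegacy() (0) with CanReadPatient() (1) for that user to see the difference the idea is asking for.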

  • ADMIN RESPONSE
    Dec 7, 2024

    Thank you for submitting the idea. The status has been changed to "Needs review".

    Stay tuned!