--- "K.S. Bhaskar" <[EMAIL PROTECTED]> wrote: > > [KSB] I agree that for actions performed through CPRS, the updates > will > be logged by user vista. In this case, presumably the GT.M journal > files would presumably yield the real user id for audit purposes.
Obviously, when you use CPRS, do *do* sign in to VistA, but this controls access within VistA and has nothing to do with the real uid of the Broker process. It is the VistA user ID (i.e., DUZ) established through the sign-on process that is used for auditing, access control, etc. Obviously, you can write C code to exec a program with the appropriate user id, if the process is sufficiently privileged to do so, but there is no standard way to do this in MUMPS. Perhaps GTM supports an extension allowing you to do this (does it?) but then, you're going to have to do a getpwent, or otherwise have some mapping between file 200 and Unix user ids. That could be done, but is a significant (and very platform specific) shift in architecture. Historically, portability across MUMPS implementations has been one of the guiding principles of VistA, and that obviously complicates this discussion. > > Note, however, that someday (HIPAA-2? 8-]) it may make sense to > enhance > the CPRS GUI protocol and client so that the client provides the > uid/gid > for the server process (this would of course entail the client > providing > appropriate credentials). I don't honestly know whether HIPAA inherently requires the use sytem level security to establish user identity. If VistA were being designed today (frorm the ground up), I think this would be a good thing, but someone else will have to address the HIPAA issue. > > Apropos background Tasks, does Task Manager have the ability to fire > up > a task on demand to take care of a piece of work, rather than calling > on > a task from a pool of tasks? In a word, no. If there are no running submanagers, Taskman will start a new submanager, but the pool is never bypassed, it simply grows and shrinks over time, depending on demand. > If it does, then that's how VistA > should > be deployed on GT.M, Yes, that would seem sensible, but what you're suggesting is a significant design change. > and in that case the tasks will have the userid > of > the user rather than the generic vista userid. I agree, that would be a good thing on platforms where MUMPS jobs are processes at the Unix level and, as you know, system services like cron do just this. > > Note that on UNIX/Linux, all users have shell accounts. But the > system > admin gets to specify what they can do when they log in. > Yes, I was using the term "shell account" rather loosely. === Gregory Woodhouse <[EMAIL PROTECTED]> "Interaction is the mind-body problem of computing." --Philip Wadler ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members
