Select the objects that you wish to see in the downloaded PDF
Info Desc Directly Accessed By Routines Pointed To By FileMan Files Pointer To FileMan Files Fields External References Global Variables Directly Accessed Local Variables
This file holds sets of rules that define a user's authorization to access data stored in VistA. It supports an attribute-based utility that VistA applications can use to permit or deny access to an individual record in a file. Rules can be combined as needed to create simple or very complex policies; policies can themselves be organized into policy sets. A policy or set can be tied to an action on a particular VistA file in the Application Action file #1.61; member policies are then evaluated in sequence, drilling down the Member hierarchy to each rule. Every policy or rule whose 'target' attributes match the record will be applied; those that do not match are simply skipped. Matching rules may have additional conditions that are evaluated, to determine a result of Permit or Deny. Each policy can have a result function that determines when evaluation is satisfied (for example, as soon as a rule returns Permit).
INPUT TRANSFORM: S DIC("S")="I $P(^(0),U,3)=""A""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X
LAST EDITED: NOV 15, 2016
HELP-PROMPT: Select the function that pulls needed values from each record.
DESCRIPTION: This is an application-defined function that will populate the DIVAL array with target values from the record that are needed to evaluate the policy, in the form DIVAL("attribute")="value". Because the Target attributes
must have a value defined, use a string such as 'null' to represent the empty string.
SCREEN: S DIC("S")="I $P(^(0),U,3)=""A"""
EXPLANATION: Only Attribute Functions may be selected.
HELP-PROMPT: Indicate if all targets must match (&) or if any one (!) will suffice.
DESCRIPTION: The conjunction indicates how multiple target attributes will be handled, when determining if a policy applies to a record. AND will require all targets to match the record, otherwise the policy will not apply; OR will be
HELP-PROMPT: Indicate if all conditions must be true (&) or if any one (!) will suffice.
DESCRIPTION: The conjunction indicates how multiple condition results will be handled, when determining the result of a rule. AND will require all results to be true, otherwise the rule will fail; OR will be satisfied if any one of the
INPUT TRANSFORM: S DIC("S")="I $P(^(0),U,3)=""R""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X
LAST EDITED: JUL 29, 2016
HELP-PROMPT: Select the function that determines when processing for this policy is done.
DESCRIPTION: This is a function that determines when processing of the current policy or set should cease. It is executed after each member rule or policy is processed, using the value of the DIRESULT variable; some functions may also
assign a default value to DIRESULT, if it is undetermined or null.
SCREEN: S DIC("S")="I $P(^(0),U,3)=""R"""
EXPLANATION: Only Result Functions may be selected.
This sub-file is a list of attributes, or targets, that must match the record for this policy to apply. A member policy or rule with no targets will be evaluated as a match and applied to the record.
HELP-PROMPT: Enter a valid DR string, up to 245 characters.
DESCRIPTION: This is a string of field numbers, delimited by semi-colons, that can be used as the DR variable for FileMan api's; see the VA FileMan Programmer Manual for further details.
This string will be returned to the client if a permit result is found, to identify the fields that are allowed to be viewed or acted on. It does not need to be set at every level of a policy; the lowest level of the
hierarchy will take precedence, for example the DR string saved with the rule that granted permission would be returned over a default string saved with the primary policy or associated Application Action.
This multiple holds additional DR strings as needed, such as the fields that may be accessed in a sub-file. To save a continuation string for the top-level file, enter the primary file number for this policy.
HELP-PROMPT: Enter text to be returned on a deny result, up to 200 characters.
DESCRIPTION: This is text that will be returned in ^TMP("DIMSG",$J) if the result is Deny. All applicable messages will be included, beginning with the determining rule and continuing back up the hierarchy in order through its ancestor
HELP-PROMPT: Enter text to be returned on a permit result, up to 200 characters.
DESCRIPTION: This is text that will be returned in ^TMP("DIMSG",$J) if the result is Permit. All applicable messages will be included, beginning with the determining rule and continuing back up the hierarchy in order through its