Home Package List Routine Alphabetical List Global Alphabetical List FileMan Files List FileMan Sub-Files List Package Component Lists Package-Namespace Mapping

Info | Desc | Pointed To By FileMan Files | Pointer To FileMan Files | Fields

Print Page as PDF

Global: ^DIAC(1.6

Package: VA FileMan

Global: ^DIAC(1.6

Information

FileMan FileNo	FileMan Filename	Package
1.6	POLICY	VA FileMan

Description

This file holds sets of rules that define a user's authorization to access data stored in VistA. It supports an attribute-based utility that VistA applications can use to permit or deny access to an individual record in a file. Rules can be combined as needed to create simple or very complex policies; policies can themselves be organized into policy sets. A policy or set can be tied to an action on a particular VistA file in the Application Action file #1.61; member policies are then evaluated in sequence, drilling down the Member hierarchy to each rule. Every policy or rule whose 'target' attributes match the record will be applied; those that do not match are simply skipped. Matching rules may have additional conditions that are evaluated, to determine a result of Permit or Deny. Each policy can have a result function that determines when evaluation is satisfied (for example, as soon as a rule returns Permit).

Pointed To By FileMan Files, Total: 2

Package	Total	FileMan Files
VA FileMan	2	POLICY(#1.6)[#1.601(.01)] APPLICATION ACTION(#1.61)[.05]

Pointer To FileMan Files, Total: 2

Package	Total	FileMan Files
VA FileMan	2	POLICY(#1.6)[#1.601(.01)] POLICY FUNCTION(#1.62)[.04, .07, 7, 8, #1.603(.02)]

Fields, Total: 18

Field #	Name	Loc	Type	Details
.01	NAME	0;1	FREE TEXT	**********************REQUIRED FIELD********************** INPUT TRANSFORM: `D CHKNAME^DIACX(1.6) I $D(X) K:$L(X)>30!($L(X)<3)!'(X'?1P.E) X` `MAXIMUM LENGTH: 30` LAST EDITED: `DEC 22, 2016` HELP-PROMPT: `Enter a unique name, 3-30 characters, beginning with the package namespace.` DESCRIPTION: `The formal unique name of the policy, prefaced with the package namespace specified in the PACKAGE file, or the letter Z or A.` NOTES: `XXXX--CAN'T BE ALTERED EXCEPT BY PROGRAMMER` CROSS-REFERENCE: `1.6^B` `1)= S ^DIAC(1.6,"B",$E(X,1,30),DA)=""` `2)= K ^DIAC(1.6,"B",$E(X,1,30),DA)`
.02	TYPE	0;2	SET	**********************REQUIRED FIELD********************** 'R' FOR rule; 'P' FOR policy; 'S' FOR set; LAST EDITED: `SEP 13, 2016` HELP-PROMPT: `Specify a type for this policy.` DESCRIPTION: `This field determines the type of policy to be evaluated. This file is a self-referring hierarchy, grouped via Members by type:` `R = Rule, a single logical statement that evaluates to true or false, permitting or denying access to the record` `P = Policy, a collection of rules that define access to the record` `S = Set, a collection of policies or other sets as needed`
.03	DISABLE	0;3	SET	'1' FOR YES; '0' FOR NO; LAST EDITED: `FEB 08, 2017` HELP-PROMPT: `Enter YES to disable use of this policy and its members.` DESCRIPTION: `A true (1) value indicates that this policy or rule is not to be used.` `If it is encountered while processing an ancestor policy or set, this policy and its descendants will be ignored and the result unchanged.` `If this policy is the primary or default for an action, no processing will occur and the result will be indeterminate.`
.04	ATTRIBUTE FUNCTION	0;4	POINTER TO POLICY FUNCTION FILE (#1.62)	POLICY FUNCTION(#1.62) INPUT TRANSFORM: `S DIC("S")="I $P(^(0),U,3)=""A""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X` LAST EDITED: `NOV 15, 2016` HELP-PROMPT: `Select the function that pulls needed values from each record.` DESCRIPTION: `This is an application-defined function that will populate the DIVAL array with target values from the record that are needed to evaluate the policy, in the form DIVAL("attribute")="value". Because the Target attributes` `must have a value defined, use a string such as 'null' to represent the empty string.` SCREEN: `S DIC("S")="I $P(^(0),U,3)=""A"""` EXPLANATION: `Only Attribute Functions may be selected.`
.05	TARGET CONJUNCTION	0;5	SET	'&' FOR AND; '!' FOR OR; LAST EDITED: `JUL 29, 2016` HELP-PROMPT: `Indicate if all targets must match (&) or if any one (!) will suffice.` DESCRIPTION: `The conjunction indicates how multiple target attributes will be handled, when determining if a policy applies to a record. AND will require all targets to match the record, otherwise the policy will not apply; OR will be` `satisfied if any one of the values matches.`
.06	CONDITION CONJUNCTION	0;6	SET	'&' FOR AND; '!' FOR OR; LAST EDITED: `JUL 29, 2016` HELP-PROMPT: `Indicate if all conditions must be true (&) or if any one (!) will suffice.` DESCRIPTION: `The conjunction indicates how multiple condition results will be handled, when determining the result of a rule. AND will require all results to be true, otherwise the rule will fail; OR will be satisfied if any one of the` `conditions is true.`
.07	RESULT FUNCTION	0;7	POINTER TO POLICY FUNCTION FILE (#1.62)	POLICY FUNCTION(#1.62) INPUT TRANSFORM: `S DIC("S")="I $P(^(0),U,3)=""R""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X` LAST EDITED: `JUL 29, 2016` HELP-PROMPT: `Select the function that determines when processing for this policy is done.` DESCRIPTION: `This is a function that determines when processing of the current policy or set should cease. It is executed after each member rule or policy is processed, using the value of the DIRESULT variable; some functions may also` `assign a default value to DIRESULT, if it is undetermined or null.` SCREEN: `S DIC("S")="I $P(^(0),U,3)=""R"""` EXPLANATION: `Only Result Functions may be selected.`
.08	RESULT	0;8	SET	'P' FOR PERMIT; 'D' FOR DENY; LAST EDITED: `DEC 01, 2016` HELP-PROMPT: `Select the result to return, if the rule evaluates to true.` DESCRIPTION: `This is the effect of the rule, i.e. the result to be returned, if the rule is determined to be true.`
1	DESCRIPTION	1;0	WORD-PROCESSING #1.6011	DESCRIPTION: `This field contains a brief description of the rule or policy.` LAST EDITED: `JUL 29, 2016` HELP-PROMPT: `Enter a description of this policy.` DESCRIPTION: `This field contains a brief description of the rule or policy.`
2	TARGETS	2;0	Multiple #1.602	1.602 LAST EDITED: `JUL 08, 2016` DESCRIPTION: `This sub-file is a list of attributes, or targets, that must match the record for this policy to apply. A member policy or rule with no targets will be evaluated as a match and applied to the record.` IDENTIFIED BY: `"W1": W $P(^(0),U,2)," ",$P(^(0),U,3)` INDEXED BY: `ATTRIBUTE & VALUE (AKEY)`
3	CONDITIONS	3;0	Multiple #1.603	1.603 LAST EDITED: `JUL 08, 2016` DESCRIPTION: `This sub-file is a list of conditions to be evaluated, for rules that apply to the record.` IDENTIFIED BY: `"W1": W $P(^(0),U,2)," ",$P(^(0),U,3)`
5	AVAILABLE FIELDS	5;1	FREE TEXT	INPUT TRANSFORM: `K:$L(X)>245!($L(X)<1) X` `MAXIMUM LENGTH: 245` LAST EDITED: `OCT 19, 2016` HELP-PROMPT: `Enter a valid DR string, up to 245 characters.` DESCRIPTION: `This is a string of field numbers, delimited by semi-colons, that can be used as the DR variable for FileMan api's; see the VA FileMan Programmer Manual for further details.` `This string will be returned to the client if a permit result is found, to identify the fields that are allowed to be viewed or acted on. It does not need to be set at every level of a policy; the lowest level of the` `hierarchy will take precedence, for example the DR string saved with the rule that granted permission would be returned over a default string saved with the primary policy or associated Application Action.`
5.1	ADDITIONAL FIELDS	5.1;0	Multiple #1.605	1.605 DESCRIPTION: `This multiple holds additional DR strings as needed, such as the fields that may be accessed in a sub-file. To save a continuation string for the top-level file, enter the primary file number for this policy.`
7	DENY FUNCTION	7;1	POINTER TO POLICY FUNCTION FILE (#1.62)	POLICY FUNCTION(#1.62) INPUT TRANSFORM: `S DIC("S")="I $P(^(0),U,3)=""O""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X` LAST EDITED: `DEC 01, 2016` HELP-PROMPT: `Select the function that performs needed tasks on a deny result.` DESCRIPTION: `This is an application-defined function that performs needed tasks on a given result, such as logging access to a file.` SCREEN: `S DIC("S")="I $P(^(0),U,3)=""O"""` EXPLANATION: `Only Obligation Functions may be selected.`
7.1	DENY MESSAGE	7;2	FREE TEXT	INPUT TRANSFORM: `K:$L(X)>200!($L(X)<1) X` `MAXIMUM LENGTH: 200` LAST EDITED: `OCT 20, 2016` HELP-PROMPT: `Enter text to be returned on a deny result, up to 200 characters.` DESCRIPTION: `This is text that will be returned in ^TMP("DIMSG",$J) if the result is Deny. All applicable messages will be included, beginning with the determining rule and continuing back up the hierarchy in order through its ancestor` `policies and sets.`
8	PERMIT FUNCTION	8;1	POINTER TO POLICY FUNCTION FILE (#1.62)	POLICY FUNCTION(#1.62) INPUT TRANSFORM: `S DIC("S")="I $P(^(0),U,3)=""O""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X` LAST EDITED: `DEC 01, 2016` HELP-PROMPT: `Select the function that performs needed tasks on a permit result.` DESCRIPTION: `This is an application-defined function that performs needed tasks on a given result, such as logging access to a file.` SCREEN: `S DIC("S")="I $P(^(0),U,3)=""O"""` EXPLANATION: `Only Obligation Functions may be selected.`
8.1	PERMIT MESSAGE	8;2	FREE TEXT	INPUT TRANSFORM: `K:$L(X)>200!($L(X)<1) X` `MAXIMUM LENGTH: 200` LAST EDITED: `OCT 20, 2016` HELP-PROMPT: `Enter text to be returned on a permit result, up to 200 characters.` DESCRIPTION: `This is text that will be returned in ^TMP("DIMSG",$J) if the result is Permit. All applicable messages will be included, beginning with the determining rule and continuing back up the hierarchy in order through its` `ancestor policies and sets.`
10	MEMBERS	10;0	POINTER Multiple #1.601	1.601 DESCRIPTION: `This sub-file is a list of self-referring pointers, the collection of rules for a policy or policies/sets that make up a policy set.` INDEXED BY: `SEQUENCE & MEMBER (AC)`

Info | Desc | Pointed To By FileMan Files | Pointer To FileMan Files | Fields