STANDARD DATA DICTIONARY #1.6 -- POLICY FILE 6/27/25 PAGE 1
STORED IN ^DIAC(1.6, *** NO DATA STORED YET *** SITE: WWW.BMIRWIN.COM UCI: VISTA,VISTA (VERSION 22.2)
DATA NAME GLOBAL DATA
ELEMENT TITLE LOCATION TYPE
-----------------------------------------------------------------------------------------------------------------------------------
This file holds sets of rules that define a user's authorization to access data stored in VistA. It supports an attribute-based
utility that VistA applications can use to permit or deny access to an individual record in a file. Rules can be combined as needed
to create simple or very complex policies; policies can themselves be organized into policy sets.
A policy or set can be tied to an action on a particular VistA file in the Application Action file #1.61; member policies are then
evaluated in sequence, drilling down the Member hierarchy to each rule. Every policy or rule whose 'target' attributes match the
record will be applied; those that do not match are simply skipped. Matching rules may have additional conditions that are
evaluated, to determine a result of Permit or Deny. Each policy can have a result function that determines when evaluation is
satisfied (for example, as soon as a rule returns Permit).
DD ACCESS: @
WR ACCESS: #
DEL ACCESS: @
LAYGO ACCESS: #
IDENTIFIED BY: TYPE (#.02)[R]
POINTED TO BY: MEMBER field (#.01) of the MEMBERS sub-field (#1.601) of the POLICY File (#1.6)
POLICY field (#.05) of the APPLICATION ACTION File (#1.61)
CROSS
REFERENCED BY: MEMBER(AD), NAME(B)
LAST MODIFIED: AUG 30,2017@14:48:40
1.6,.01 NAME 0;1 FREE TEXT (Required)
INPUT TRANSFORM: D CHKNAME^DIACX(1.6) I $D(X) K:$L(X)>30!($L(X)<3)!'(X'?1P.E) X
MAXIMUM LENGTH: 30
LAST EDITED: DEC 22, 2016
HELP-PROMPT: Enter a unique name, 3-30 characters, beginning with the package namespace.
DESCRIPTION: The formal unique name of the policy, prefaced with the package namespace specified in the PACKAGE
file, or the letter Z or A.
NOTES: XXXX--CAN'T BE ALTERED EXCEPT BY PROGRAMMER
CROSS-REFERENCE: 1.6^B
1)= S ^DIAC(1.6,"B",$E(X,1,30),DA)=""
2)= K ^DIAC(1.6,"B",$E(X,1,30),DA)
1.6,.02 TYPE 0;2 SET (Required)
'R' FOR rule;
'P' FOR policy;
'S' FOR set;
LAST EDITED: SEP 13, 2016
HELP-PROMPT: Specify a type for this policy.
DESCRIPTION: This field determines the type of policy to be evaluated. This file is a self-referring hierarchy,
grouped via Members by type:
R = Rule, a single logical statement that evaluates to true or false, permitting or denying access
to the record
P = Policy, a collection of rules that define access to the record
S = Set, a collection of policies or other sets as needed
1.6,.03 DISABLE 0;3 SET
'1' FOR YES;
'0' FOR NO;
LAST EDITED: FEB 08, 2017
HELP-PROMPT: Enter YES to disable use of this policy and its members.
DESCRIPTION: A true (1) value indicates that this policy or rule is not to be used.
If it is encountered while processing an ancestor policy or set, this policy and its descendants
will be ignored and the result unchanged.
If this policy is the primary or default for an action, no processing will occur and the result
will be indeterminate.
1.6,.04 ATTRIBUTE FUNCTION 0;4 POINTER TO POLICY FUNCTION FILE (#1.62)
INPUT TRANSFORM: S DIC("S")="I $P(^(0),U,3)=""A""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X
LAST EDITED: NOV 15, 2016
HELP-PROMPT: Select the function that pulls needed values from each record.
DESCRIPTION: This is an application-defined function that will populate the DIVAL array with target values from
the record that are needed to evaluate the policy, in the form DIVAL("attribute")="value". Because
the Target attributes must have a value defined, use a string such as 'null' to represent the empty
string.
SCREEN: S DIC("S")="I $P(^(0),U,3)=""A"""
EXPLANATION: Only Attribute Functions may be selected.
1.6,.05 TARGET CONJUNCTION 0;5 SET
'&' FOR AND;
'!' FOR OR;
LAST EDITED: JUL 29, 2016
HELP-PROMPT: Indicate if all targets must match (&) or if any one (!) will suffice.
DESCRIPTION: The conjunction indicates how multiple target attributes will be handled, when determining if a
policy applies to a record. AND will require all targets to match the record, otherwise the policy
will not apply; OR will be satisfied if any one of the values matches.
1.6,.06 CONDITION CONJUNCTION 0;6 SET
'&' FOR AND;
'!' FOR OR;
LAST EDITED: JUL 29, 2016
HELP-PROMPT: Indicate if all conditions must be true (&) or if any one (!) will suffice.
DESCRIPTION: The conjunction indicates how multiple condition results will be handled, when determining the
result of a rule. AND will require all results to be true, otherwise the rule will fail; OR will be
satisfied if any one of the conditions is true.
1.6,.07 RESULT FUNCTION 0;7 POINTER TO POLICY FUNCTION FILE (#1.62)
INPUT TRANSFORM: S DIC("S")="I $P(^(0),U,3)=""R""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X
LAST EDITED: JUL 29, 2016
HELP-PROMPT: Select the function that determines when processing for this policy is done.
DESCRIPTION: This is a function that determines when processing of the current policy or set should cease. It is
executed after each member rule or policy is processed, using the value of the DIRESULT variable;
some functions may also assign a default value to DIRESULT, if it is undetermined or null.
SCREEN: S DIC("S")="I $P(^(0),U,3)=""R"""
EXPLANATION: Only Result Functions may be selected.
1.6,.08 RESULT 0;8 SET
'P' FOR PERMIT;
'D' FOR DENY;
LAST EDITED: DEC 01, 2016
HELP-PROMPT: Select the result to return, if the rule evaluates to true.
DESCRIPTION: This is the effect of the rule, i.e. the result to be returned, if the rule is determined to be
true.
1.6,1 DESCRIPTION 1;0 WORD-PROCESSING #1.6011 (IGNORE "|")
DESCRIPTION:
This field contains a brief description of the rule or policy.
LAST EDITED: JUL 29, 2016
HELP-PROMPT: Enter a description of this policy.
DESCRIPTION:
This field contains a brief description of the rule or policy.
1.6,2 TARGETS 2;0 Multiple #1.602
LAST EDITED: JUL 08, 2016
DESCRIPTION: This sub-file is a list of attributes, or targets, that must match the record for this policy to
apply. A member policy or rule with no targets will be evaluated as a match and applied to the
record.
IDENTIFIED BY:
"W1": W $P(^(0),U,2)," ",$P(^(0),U,3)
INDEXED BY: ATTRIBUTE & VALUE (AKEY)
1.602,.01 TARGET 0;1 NUMBER (Multiply asked)
INPUT TRANSFORM: K:+X'=X!(X>999)!(X<1)!(X?.E1"."1N.N) X
LAST EDITED: OCT 20, 2016
HELP-PROMPT: Enter a number from 1-999 to identify this target attribute and value.
DESCRIPTION: This is a number that simply serves as an identifier for this target; it has no inherent meaning
or other use besides facilitating management of multiple targets, especially with OR'd values for
the same attribute.
CROSS-REFERENCE: 1.602^B
1)= S ^DIAC(1.6,DA(1),2,"B",$E(X,1,30),DA)=""
2)= K ^DIAC(1.6,DA(1),2,"B",$E(X,1,30),DA)
1.602,.02 ATTRIBUTE 0;2 FREE TEXT (Required)
INPUT TRANSFORM: K:$L(X)>30!($L(X)<1) X
MAXIMUM LENGTH: 30
LAST EDITED: NOV 17, 2016
HELP-PROMPT: Answer must be 1-30 characters in length.
DESCRIPTION: This is the name of an attribute in the record being evaluated. It should be the same as the
subscript used by the Attribute Function to populate the DIVAL("attribute")="value" array.
RECORD INDEXES: AKEY (#973)
1.602,.03 VALUE 0;3 FREE TEXT (Required)
INPUT TRANSFORM: K:$L(X)>60!($L(X)<1) X
MAXIMUM LENGTH: 60
LAST EDITED: NOV 17, 2016
HELP-PROMPT: Answer must be 1-60 characters in length.
DESCRIPTION: This is the desired or relevant value of the target attribute, that must match the record for the
rule or policy to be applied. Every attribute must have a value; use a string such as 'null' to
represent the emptry string.
RECORD INDEXES: AKEY (#973)
1.6,3 CONDITIONS 3;0 Multiple #1.603
LAST EDITED: JUL 08, 2016
DESCRIPTION:
This sub-file is a list of conditions to be evaluated, for rules that apply to the record.
IDENTIFIED BY:
"W1": W $P(^(0),U,2)," ",$P(^(0),U,3)
1.603,.01 CONDITION 0;1 NUMBER (Multiply asked)
INPUT TRANSFORM: K:+X'=X!(X>999)!(X<1)!(X?.E1"."1N.N) X
LAST EDITED: OCT 20, 2016
HELP-PROMPT: Enter a number from 1-999 to identify this condition.
DESCRIPTION: This is a number that simply serves as an identifier for this condition; it has no inherent
meaning or other use besides facilitating management of multiple conditions, especially with OR'd
values for the same function.
CROSS-REFERENCE: 1.603^B
1)= S ^DIAC(1.6,DA(1),3,"B",$E(X,1,30),DA)=""
2)= K ^DIAC(1.6,DA(1),3,"B",$E(X,1,30),DA)
1.603,.02 FUNCTION 0;2 POINTER TO POLICY FUNCTION FILE (#1.62) (Required)
INPUT TRANSFORM: S DIC("S")="I $P(^(0),U,3)=""C""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X
LAST EDITED: DEC 05, 2016
HELP-PROMPT: Select the function that performs the desired check or comparison.
DESCRIPTION: This is a function that performs a check or comparison other than strict equality; it may check
if a date is in the past, or see if a user holds a given key, for example. Applications may
define their own functions to look for needed conditions.
SCREEN: S DIC("S")="I $P(^(0),U,3)=""C"""
EXPLANATION: Only Condition Functions may be selected.
1.603,.03 VALUE 0;3 FREE TEXT
INPUT TRANSFORM: K:$L(X)>60!($L(X)<1) X
MAXIMUM LENGTH: 60
LAST EDITED: OCT 20, 2016
HELP-PROMPT: Enter the desired value for this condition, up to 60 characters.
DESCRIPTION: This is the optional value that the function will make a comparison to, usually an attribute
external to the data record.
1.6,5 AVAILABLE FIELDS 5;1 FREE TEXT
INPUT TRANSFORM: K:$L(X)>245!($L(X)<1) X
MAXIMUM LENGTH: 245
LAST EDITED: OCT 19, 2016
HELP-PROMPT: Enter a valid DR string, up to 245 characters.
DESCRIPTION: This is a string of field numbers, delimited by semi-colons, that can be used as the DR variable
for FileMan api's; see the VA FileMan Programmer Manual for further details.
This string will be returned to the client if a permit result is found, to identify the fields that
are allowed to be viewed or acted on. It does not need to be set at every level of a policy; the
lowest level of the hierarchy will take precedence, for example the DR string saved with the rule
that granted permission would be returned over a default string saved with the primary policy or
associated Application Action.
1.6,5.1 ADDITIONAL FIELDS 5.1;0 Multiple #1.605 (Add New Entry without Asking)
DESCRIPTION: This multiple holds additional DR strings as needed, such as the fields that may be accessed in a
sub-file. To save a continuation string for the top-level file, enter the primary file number for
this policy.
1.605,.01 SUBFILE# 0;1 NUMBER (Multiply asked)
INPUT TRANSFORM: K:+X'=X!(X>9999999.9999999)!(X<0)!(X?.E1"."8N.N) X
LAST EDITED: DEC 23, 2016
HELP-PROMPT: Enter a valid VistA file or sub-file number, up to 9999999.9999999.
DESCRIPTION:
This is a number that represents a valid VistA file or sub-file.
CROSS-REFERENCE: 1.605^B
1)= S ^DIAC(1.6,DA(1),5.1,"B",$E(X,1,30),DA)=""
2)= K ^DIAC(1.6,DA(1),5.1,"B",$E(X,1,30),DA)
1.605,.02 LEVEL 0;2 NUMBER (Required)
INPUT TRANSFORM: K:+X'=X!(X>9)!(X<1)!(X?.E1"."1N.N) X
LAST EDITED: JAN 20, 2017
HELP-PROMPT: Type a number between 1 and 9, 0 decimal digits.
DESCRIPTION: This integer is the file level, relative to the FILE# of the action. Enter 1 if this is a
continuation string for FILE#, 2 if this is a DR string for a sub-file, etc.
1.605,.03 SEQUENCE 0;3 NUMBER
INPUT TRANSFORM: K:+X'=X!(X>99)!(X<1)!(X?.E1"."1N.N) X
LAST EDITED: JAN 20, 2017
HELP-PROMPT: Type a number between 1 and 99, 0 decimal digits.
DESCRIPTION:
This is the sequence number for the DR array, if this is a continuation string.
1.605,.04 DR 0;4 FREE TEXT
INPUT TRANSFORM: K:$L(X)>400!($L(X)<1) X
MAXIMUM LENGTH: 400
LAST EDITED: JAN 20, 2017
HELP-PROMPT: Answer must be 1-400 characters in length.
DESCRIPTION: This is a string of field numbers, delimited by semi-colons, that can be used as the DR variable
for FileMan api's; see the VA FileMan Programmer Manual for further details. These strings are
intended to supplement the Available Fields value, as sub-file or continuation strings.
1.6,7 DENY FUNCTION 7;1 POINTER TO POLICY FUNCTION FILE (#1.62)
INPUT TRANSFORM: S DIC("S")="I $P(^(0),U,3)=""O""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X
LAST EDITED: DEC 01, 2016
HELP-PROMPT: Select the function that performs needed tasks on a deny result.
DESCRIPTION: This is an application-defined function that performs needed tasks on a given result, such as
logging access to a file.
SCREEN: S DIC("S")="I $P(^(0),U,3)=""O"""
EXPLANATION: Only Obligation Functions may be selected.
1.6,7.1 DENY MESSAGE 7;2 FREE TEXT
INPUT TRANSFORM: K:$L(X)>200!($L(X)<1) X
MAXIMUM LENGTH: 200
LAST EDITED: OCT 20, 2016
HELP-PROMPT: Enter text to be returned on a deny result, up to 200 characters.
DESCRIPTION: This is text that will be returned in ^TMP("DIMSG",$J) if the result is Deny. All applicable
messages will be included, beginning with the determining rule and continuing back up the hierarchy
in order through its ancestor policies and sets.
1.6,8 PERMIT FUNCTION 8;1 POINTER TO POLICY FUNCTION FILE (#1.62)
INPUT TRANSFORM: S DIC("S")="I $P(^(0),U,3)=""O""" D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X
LAST EDITED: DEC 01, 2016
HELP-PROMPT: Select the function that performs needed tasks on a permit result.
DESCRIPTION: This is an application-defined function that performs needed tasks on a given result, such as
logging access to a file.
SCREEN: S DIC("S")="I $P(^(0),U,3)=""O"""
EXPLANATION: Only Obligation Functions may be selected.
1.6,8.1 PERMIT MESSAGE 8;2 FREE TEXT
INPUT TRANSFORM: K:$L(X)>200!($L(X)<1) X
MAXIMUM LENGTH: 200
LAST EDITED: OCT 20, 2016
HELP-PROMPT: Enter text to be returned on a permit result, up to 200 characters.
DESCRIPTION: This is text that will be returned in ^TMP("DIMSG",$J) if the result is Permit. All applicable
messages will be included, beginning with the determining rule and continuing back up the hierarchy
in order through its ancestor policies and sets.
1.6,10 MEMBERS 10;0 POINTER Multiple #1.601
DESCRIPTION: This sub-file is a list of self-referring pointers, the collection of rules for a policy or
policies/sets that make up a policy set.
INDEXED BY: SEQUENCE & MEMBER (AC)
1.601,.01 MEMBER 0;1 POINTER ***** TO AN UNDEFINED FILE (#1.6), STORED IN ^DIAC(1.6) *******
(Multiply asked)
INPUT TRANSFORM: S DIC("S")=$$SCR^DIACX D ^DIC K DIC S DIC=DIE,X=+Y K:Y<0 X
LAST EDITED: NOV 16, 2016
HELP-PROMPT: Enter a policy, set, or rule that is not an ancestor of this item.
DESCRIPTION: This is a Policy entry that is subordinate to the current policy or set. A Policy may only have
Rules for members, while a Policy Set may contain either policies or other sets; Rules do not
have members.
SCREEN: S DIC("S")=$$SCR^DIACX
EXPLANATION: Members of a policy must be rules; sets may include policies or other sets. Rules may not have memb
ers.
CROSS-REFERENCE:1.601^B
1)= S ^DIAC(1.6,DA(1),10,"B",$E(X,1,30),DA)=""
2)= K ^DIAC(1.6,DA(1),10,"B",$E(X,1,30),DA)
CROSS-REFERENCE:1.6^AD
1)= S ^DIAC(1.6,"AD",$E(X,1,30),DA(1),DA)=""
2)= K ^DIAC(1.6,"AD",$E(X,1,30),DA(1),DA)
Links members to a parent policy, for looking up the tree; used by the Input Transform to prevent
an infinite loop in the hierarchy.
RECORD INDEXES: AC (#972)
1.601,.02 SEQUENCE 0;2 NUMBER (Required)
INPUT TRANSFORM:K:+X'=X!(X>999)!(X<1)!(X?.E1"."3N.N)!$D(^DIAC(1.6,DA(1),10,"AC",X)) X
LAST EDITED: DEC 14, 2016
HELP-PROMPT: Type a unique number between 1 and 999, 2 decimal digits.
DESCRIPTION: This is the order in which these rules or policies should be evaluated. If a member rule or policy
is not applicable, or the result function is not satisfied after evaluation, processing will
continue onto the next sibling member in sequence order.
EXECUTABLE HELP:D SEQ^DIACX
NOTES: XXXX--CAN'T BE ALTERED EXCEPT BY PROGRAMMER
RECORD INDEXES: AC (#972)
FILES POINTED TO FIELDS
POLICY FUNCTION (#1.62) ATTRIBUTE FUNCTION (#.04)
RESULT FUNCTION (#.07)
DENY FUNCTION (#7)
PERMIT FUNCTION (#8)
CONDITIONS:FUNCTION (#.02)
}UNDEFINED FILE (#1.6) MEMBERS:MEMBER (#.01)
Subfile #1.601
Record Indexes:
AC (#972) RECORD REGULAR IR SORTING ONLY
Short Descr: Find Members by Sequence
Description: Used in policy evaluation, to find and process member policies in the specified sequence.
Set Logic: S ^DIAC(1.6,DA(1),10,"AC",X(1),X(2),DA)=""
Kill Logic: K ^DIAC(1.6,DA(1),10,"AC",X(1),X(2),DA)
Whole Kill: K ^DIAC(1.6,DA(1),10,"AC")
X(1): SEQUENCE (1.601,.02) (Subscr 1) (forwards)
X(2): MEMBER (1.601,.01) (Subscr 2) (forwards)
Subfile #1.602
Record Indexes:
AKEY (#973) RECORD REGULAR IR SORTING ONLY
Short Descr: List target keys and values
Description: Used in policy evaluation, to quickly find and match the target attributes to the record values in
DIVAL(attribute)=value.
Set Logic: S ^DIAC(1.6,DA(1),2,"AKEY",$E(X(1),1,30),$E(X(2),1,30),DA)=""
Kill Logic: K ^DIAC(1.6,DA(1),2,"AKEY",$E(X(1),1,30),$E(X(2),1,30),DA)
Whole Kill: K ^DIAC(1.6,DA(1),2,"AKEY")
X(1): ATTRIBUTE (1.602,.02) (Subscr 1) (Len 30) (forwards)
X(2): VALUE (1.602,.03) (Subscr 2) (Len 30) (forwards)
INPUT TEMPLATE(S):
PRINT TEMPLATE(S):
SORT TEMPLATE(S):
FORM(S)/BLOCK(S):
DIAC POLICY SEP 30, 2016@08:59 USER #0
DIAC POLICY HEADER DD #1.6
DIAC POLICY 1 DD #1.6
DIAC TARGETS DD #1.602
DIAC POLICY 1A DD #1.6
DIAC POLICY 2 DD #1.6
DIAC MEMBERS DD #1.601
DIAC POLICY 3 DD #1.6
DIAC POLICY 3.1 DD #1.605
DIAC RULE OCT 07, 2016@16:13 USER #0
DIAC POLICY 1 DD #1.6
DIAC TARGETS DD #1.602
DIAC RULE HEADER DD #1.6
DIAC POLICY 1A DD #1.6
DIAC RULE 2 DD #1.6
DIAC CONDITIONS DD #1.603
DIAC POLICY 3 DD #1.6
DIAC POLICY 3.1 DD #1.605
DIAC SET OCT 07, 2016@15:51 USER #0
DIAC POLICY 1 DD #1.6
DIAC TARGETS DD #1.602
DIAC SET HEADER DD #1.6
DIAC POLICY 1A DD #1.6
DIAC MEMBERS DD #1.601
DIAC SET 2 DD #1.6
DIAC POLICY 3 DD #1.6
DIAC POLICY 3.1 DD #1.605