Role Based Access Control


Skaks

Aug 3, 2015, 11:28:44 AM
to dcm...@googlegroups.com
Hi, I read about role based access control here: http://www.dcm4che.org/confluence/display/ee2/Configuration+of+Study+Permissions+(Role+Based+Access+Control).

I followed the instructions on how to enable permission on WebInterface (WEB3, versions >=2.17.1):

  1. I created a role named "ct" and assigned it to the Dicom and web groups (with web-permission: Login and Folder read).
  2. I created a user named "ct" and assigned it to the "ct" role.
  3. Enable Study Permission for WebInterface: login to jmx-console, open dcm4chee.web,service=WebConfig, manageStudyPermissions=true, useStudyPermissions=true.
  4. I edited the permission of the "ct" user from the WebInterface.
  5. I also edited the configuration in series-permission.xsl (in folder dcm4chee-2.17.1-psql\server\default\conf):
<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample configuration for grant/revoke Study Permissions on Series Stored event -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
  <xsl:output method="xml"/>
  <!-- overwritten by application with actual value -->
  <xsl:param name="calling" select="'SAMPLE_MOD'"/>
  <xsl:template match="/dataset">
    <permissions>
      <!-- Study Instance UID (0020,000D), Modality (0008,0060), Issuer of Patient ID (0010,0021) -->
      <xsl:variable name="studyUID" select="attr[@tag='0020000D']"/>
      <xsl:variable name="seriesMOD" select="attr[@tag='00080060']"/>
      <xsl:variable name="patIssuer" select="attr[@tag='00100021']"/>

      <xsl:choose>
        <!-- CT series whose Issuer of Patient ID contains 'DCM4CHEE': grant to role "ct".
             The issuer is read from the $patIssuer variable; @patIssuer would select an
             attribute of the dataset element, which does not exist, so the test never matched. -->
        <xsl:when test="$seriesMOD='CT' and contains($patIssuer,'DCM4CHEE')">
          <grant role="ct" action="Q,R,A,E" suid="{attr[@tag='0020000D']}"/>
        </xsl:when>

        <!-- every other series: grant to role "Unknown" -->
        <xsl:otherwise>
          <grant role="Unknown" action="Q,R,A,E" suid="{attr[@tag='0020000D']}"/>
        </xsl:otherwise>
      </xsl:choose>
    </permissions>
  </xsl:template>
</xsl:stylesheet>


If I use the WebInterface of DCM4CHE, logging in as the "ct" user, I'm able to filter the studies for the said user assigned to this role (using the "search for Study" query type).
But if I use the Patient query type "search for Patient", I'm able to view all the patients recorded in the system.
Is that correct behavior?

Besides, when I try to use OsiriX to view images according to the Role Based Access, I again see all the studies of the system.


I feel like I'm missing something obvious here but I'm very new to this. Any suggestions would be much appreciated.

Thank you in advance for the help
