StudyPermissions - How it really work?

[Tiago Vieira]

Hello,

I have searching for all the forums and discussions about studypermissions, but I cannot get this working automatically, I have setup everything to work with study permissions and if I set the permissions manually it works great on Dicom and Web, but I cannot add permissions since the studies are added to DCM4CHEE.

This is what I have made:

 

jmx-console->dcm4chee.archive->service=StudyPermission

UpdateOnSeriesStored= True

UpdateOnNewStudy=True

jmx-console->dcm4chee.archive->service=QueryRetrieveScp e Store_SCP

CallingAETitles: ANY?

UnrestrictedQueryPermissionsToAETitles=DCM4CHEE

UnrestrictedExportPermissionsToAETitles=DCM4CHEE

UnrestrictedReadPermissionsToAETitles=DCM4CHEE

On the AE Titles setup on the dcm4chee webconsole I have add the user and password corresponding and add that user a role.

After that I add the following code on the series-permission.xml

\dcm4chee\server\default\conf\dcm4chee-permission\series-permission.xml

--------------------------------------------------------------------------------------------------------------------

<xsl:variable name="retrievAET" select="attr[@tag='00080054']" />

<xsl:when test="$retrievAET='OSIRIX1'">

                <grant role="WebUser" action="Q,R,E,A,U,D" suid="{attr[@tag='0020000D']}"/>

        </xsl:when>

------------------------------------------------------------------------------------

But when I send some study from OSIRIX1 to DCM4CHEE nothing happen and no permission is added to the study...

So what I´m missing here? How can I add automatically permissions to all studies depending on the source ae title, or Institution name... I see too many examples but they dont work!! .. on my installation.

This is the log when the image is sent to DCM4CHEE:

[org.dcm4chex.archive.hl7.StudyPermissionService] Failed to update permissions on Series stored

java.io.FileNotFoundException: I:\dcm4chee\server\default\conf\dcm4chee-permission\series-permission.xsl

at org.dcm4chex.archive.util.FileUtils.toExistingFile(FileUtils.java:181)

at org.dcm4chex.archive.hl7.StudyPermissionService.xslt(StudyPermissionService.java:549)

at org.dcm4chex.archive.hl7.StudyPermissionService.onSeriesStored(StudyPermissionService.java:507)

at org.dcm4chex.archive.hl7.StudyPermissionService.access$100(StudyPermissionService.java:88)

at org.dcm4chex.archive.hl7.StudyPermissionService$2.handleNotification(StudyPermissionService.java:403)

at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)

at $Proxy11.handleNotification(Unknown Source)

at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)

at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:110)

at org.dcm4chex.archive.dcm.AbstractScpService.sendJMXNotification(AbstractScpService.java:856)

at org.dcm4chex.archive.dcm.storescp.StoreScpService.sendSeriesStoredNotification(StoreScpService.java:932)

at org.dcm4chex.archive.dcm.storescp.StoreScpService.checkPendingSeriesStored(StoreScpService.java:970)

at org.dcm4chex.archive.dcm.storescp.StoreScpService.access$300(StoreScpService.java:109)

at org.dcm4chex.archive.dcm.storescp.StoreScpService$3$1.run(StoreScpService.java:150)

at java.lang.Thread.run(Thread.java:662)

AND

[org.dcm4chex.archive.dcm.storescp.StoreScpService] No permission to append existing Study

org.dcm4che.net.DcmServiceException: No permission to append existing Study

at org.dcm4chex.archive.dcm.storescp.StoreScp.checkAppendPermission(StoreScp.java:910)

at org.dcm4chex.archive.dcm.storescp.StoreScp.doActualCStore(StoreScp.java:510)

at org.dcm4chex.archive.dcm.storescp.StoreScp.doCStore(StoreScp.java:471)

at org.dcm4che.net.DcmServiceBase.c_store(DcmServiceBase.java:116)

at org.dcm4cheri.net.ActiveAssociationImpl.run(ActiveAssociationImpl.java:230)

at org.dcm4cheri.util.LF_ThreadPool.join(LF_ThreadPool.java:174)

at org.dcm4cheri.net.ActiveAssociationImpl.run(ActiveAssociationImpl.java:164)

at org.dcm4cheri.server.DcmHandlerImpl.handle(DcmHandlerImpl.java:249)

at org.dcm4cheri.server.ServerImpl.run(ServerImpl.java:288)

at org.dcm4cheri.util.LF_ThreadPool.join(LF_ThreadPool.java:174)

at org.dcm4cheri.server.ServerImpl$1.run(ServerImpl.java:242)

at java.lang.Thread.run(Thread.java:662) 

Any contribution to understand what is wrong I would appreciate. 

Best Regards,

Tiago Vieira 

[Tiago Vieira]

Ok I found the solution on the forum:

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">

  <xsl:output method="xml"/>

  <xsl:param name="calling" select="'SAMPLE_MOD'"/>

  <xsl:template match="dataset">

  <xsl:variable name="reqservice" select="string(attr[@tag='00321033'])"/>

    <permissions>

     <xsl:choose>

      <xsl:when test="$calling='HOSPITAL1'">

           <grant role= "HOSP1" action="Q,E,U,D,R,A" suid="{attr[@tag='0020000D']}"/>

        </xsl:when>

       <xsl:when test="$calling='HOSPITAL2'">

           <grant role= "HOSP2" action="Q,E,U,D,R,A" suid="{attr[@tag='0020000D']}"/>

        </xsl:when>

        <xsl:otherwise>

         <grant role= "UNKNOWN" action="Q,E,U,D,R,A" suid="{attr[@tag='0020000D']}"/>

        </xsl:otherwise>

      </xsl:choose>

    </permissions>

  </xsl:template>

</xsl:stylesheet>

 Know when the studies are sent from the ae title is setup the permissions correctly, but the images already added before dont apply the series-permissions, why?

I check the option "UpdateOnSeriesStored= True".

Any help?

Thanks

Tiago

[Fabrizzio Salazar]

do you make it work??

Regards
Fs

[Tiago Vieira]

Hello,

Yes I have the permissions working, I setup the series-permission.xml file to give permissions based on the Institution Name and Ae title, and after that I had setup the username and password on the ae title configuration on the web3 interface.

Then based on the username each ae title only see the studies they have permissions.

Best regards,

Tiago

Sexta-feira, 17 de Janeiro de 2014 18:33:21 UTC, Fabrizzio Salazar escreveu:

do you make it work?

[Fabrizzio Salazar]

i have already work this config in one of my implementations, but the problem is with the stored studies before the permissions modification, what is the function for UpdateOnSeriesStored= True?

Regards
Fabrizzio

[Tiago Vieira]

Hello,

I set that option to "true" but the permissions are not applied to the studies already stored, I have to import them again...

If you can find some solution to apply the studies already store let me know.

Tiago.

[sandro moser]

Hello Tiago,

I am with the same issue here, however I really cant make it work even following yr examples here...

We have a DCM4CHEE PACS server that receives XA images from 5 differente Osirix Pacs from differente hospitals.

We want that each Osirix Pacs client only may Query/Retrieve their relative studies. (as they are all archived in the same DCM4CHEE Server.).

Please help me....

[Keith Schneider]

Hi, did you ever find any solution to this, other than blocking OsiriX and only allowing web access?

keith

[Ralf Hoffmann]

To add Study permissions on old studies, have a look into the database:

study_permission

Column	Description
pk	The primary key
study_iuid	DICOM Study Instance UID (0020,000D).
action	Allowed Actions
roles	Roles granted Access

Just add the needed values to existing studies.