...

A "StudyPermission" entity, with an N:1 relationship to the Study entity, with a "role" and an "action" attribute.
When an association is accepted, one or several roles are associated with that association, based on the identity of the association initiator. In the simplest version, this may be a lookup in the existing roles table with the Called AET as user_id. If the association initiator supports negotiation of the user identity in the A-Associate RQ, the user id can be used for the lookup instead of the AET. There will also be an extension point to get the roles associated with that association initiator from sources other than the roles table.
When a Study is created on receipt of its first object, permissions will be created and linked to this Study according to a configurable policy, which may consider not only the roles associated with the STORE SCU as described above, but also attributes of the object, in particular request attributes (e.g. Requesting Service) fetched from a specified MWL SCP and merged into the received object.
Consideration of Storage or Retrieve permissions is even simpler, because the operation will fail if the association initiator has not been assigned a role with the permission to perform the requested operation.
For retrieve, you may have to distinguish between a 'read' permission for the Storage SCP acting as Move Destination and a 'retrieve' permission for the Move SCU.
Permissions are defined by the relationship from StudyIUID to role and actions.
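The model described above can be sketched as follows. This is an added example, not dcm4chee code: the table and column names, role names, AE titles and study UIDs are assumptions constructed for illustration, and the lookup key is simply whichever identity the association supplied.

```python
import sqlite3

# Constructed sample data; table, column, role and AE names are assumptions.
SCHEMA = """
CREATE TABLE roles (user_id TEXT, role TEXT);
CREATE TABLE study_permission (study_iuid TEXT, role TEXT, action TEXT,
                               UNIQUE (study_iuid, role, action));
INSERT INTO roles VALUES ('RAD_WS', 'client1'), ('dr.neuro', 'client2'),
                         ('VIEWER_AE', 'client1');
INSERT INTO study_permission VALUES
  ('1.2.3.1', 'client1', 'read'), ('1.2.3.1', 'client1', 'retrieve'),
  ('1.2.3.2', 'client2', 'read');
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def association_roles(db, aet, user_id=None):
    """Roles for an association: a negotiated user id wins over the AET."""
    key = user_id if user_id is not None else aet
    rows = db.execute("SELECT role FROM roles WHERE user_id = ?", (key,))
    return {r[0] for r in rows}

def has_permission(db, roles, study_iuid, action):
    """True if any of the association's roles holds `action` on the study."""
    if not roles:
        return False  # deny by default: an unknown initiator has no roles
    marks = ",".join("?" * len(roles))  # only placeholders are interpolated
    row = db.execute(
        f"SELECT 1 FROM study_permission WHERE study_iuid = ? AND action = ? "
        f"AND role IN ({marks}) LIMIT 1",
        (study_iuid, action, *sorted(roles))).fetchone()
    return row is not None

def may_move(db, scu_roles, dest_roles, study_iuid):
    """Move needs 'retrieve' for the Move SCU and 'read' for the destination."""
    return (has_permission(db, scu_roles, study_iuid, "retrieve")
            and has_permission(db, dest_roles, study_iuid, "read"))
```

An initiator with no row in the roles table gets an empty role set and is denied every action, which is the fail-closed behaviour the text describes for Storage and Retrieve.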

...

  • AE Management
    User ID and Password attributes are configurable for AETs which do not support user identification
  • WebInterface (legacy WEB2, versions <=2.17.0)
    • Configure the Web Interface for usage of study permissions:
      • Enable Study Permission for WebInterface
        Query, Edit and Delete restrictions are enabled by setting the following parameter in ../server/default/deploy/dcm4chee-web.war/WEB-INF/web.xml (has to be extracted for editing):
        <init-param>
          <param-name>enableStudyPermissionCheck</param-name>
          <param-value>false</param-value>
        </init-param>
        
      • It is also possible to disable StudyPermissionCheck for dedicated user(s) (separated by ',') that should see all studies (e.g. to configure Study Permissions Roles).
        <init-param>
          <param-name>disableStudyPermissionCheckForUser</param-name>
          <param-value>admin</param-value>
        </init-param>
        
      • Grant/Revoke Study Permission
        Users have to be assigned to one of the following roles to be able to grant/revoke study permissions:
        GrantPrivileg – Users of this role are allowed to grant/revoke study permissions for ALL studies in the archive
        GrantOwnPrivileg – Users of this role are allowed to grant/revoke study permissions for those studies for which they already have read permission
      • If user authentication is managed by the PACS Database, these roles have to be enabled in .../dcm4chee-web/dcm4chee-webroles-cfg.xml.
        <role name="client1" type="StudyPermission" descr="Role for client 1 (Radiology)"/>
        <role name="client2" type="StudyPermission" descr="role for client 2 (Neurosurgery)"/>
        
  • WebInterface (WEB3, versions >=2.17.1)
    • Configure the Web Interface for usage of study permissions:
      • Enable Study Permission for WebInterface
        Log in to jmx-console, open dcm4chee.web,service=WebConfig
        manageStudyPermissions=true (Study permissions can be edited in WebInterface)
        useStudyPermissions=true (Study permissions are applied according to the user's DICOM roles in WebInterface)
      • Configure Study Permission (DICOM) Roles in WEB3
        Log in to WEB3, navigate to the roles tab and add any desired "study permission roles" with type "Dicom"
        HINT: WEB3 will automatically add DICOM roles if it discovers an unknown DICOM role while a user edits permissions for a study.
      • Configure "Study Permission Edit" permissions for Web3
        Edit permissions for a role with type "Web" and set the desired study permission rights for the web interface
        Please note that these rights are only offered if manageStudyPermissions=true in dcm4chee.web,service=WebConfig
        Edit all study permissions
        Users assigned to a role with this right are allowed to edit study permissions for ANY study in the archive
        Propagate study permissions
        Users assigned to a role with this right are allowed to set permission for a study (they are allowed to access) to any configured "DICOM role"
        Edit own study permissions
        Users assigned to a role with this right are allowed to set permission for a study (they are allowed to access) to "DICOM roles" they are assigned to

series-permission.xsl sample:

...