Configuration of Role Based Access Control
(provided by anonymous dcm4chee user)
- Define roles in conf/dcm4chee-web/dcm4chee-webroles-cfg.xml

    <role name="client1" type="StudyPermission" descr="Role for client 1 (Radiology)"/>
    <role name="client2" type="StudyPermission" descr="role for client 2 (Neurosurgery)"/>
- Go to the "User Admin" section and define at least 2 users, 1 per role
- Go to the "AE Management" section and define your secure AET and at least one MASTER_AET
- Define Rules for Study Permission
E.g.:

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- Sample configuration for grant/revoke Study Permissions on Series Stored event -->
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
      <xsl:output method="xml"/>
      <xsl:param name="calling" select="'SAMPLE_MOD'"/>
      <xsl:template match="/dataset">
        <permissions>
          <xsl:variable name="studyUID" select="attr[@tag='0020000D']" />
          <xsl:variable name="seriesMOD" select="attr[@tag='00080060']" />
          <xsl:variable name="patIssuer" select="attr[@tag='00100021']" />
          <xsl:choose>
            <!-- Configuration for CT stored in client2 - Neurosurgery -->
            <xsl:when test="$seriesMOD='CT' and not(contains($patIssuer,'DCM4CHEE'))">
              <!-- grant Query, Read and Append permission on Study to client2 in special case -->
              <grant role="client2" action="Q,R,A" suid="{attr[@tag='0020000D']}"/>
            </xsl:when>
            <!-- Configuration for CT stored in client1 - Radiology (having ISSUER set to DCM4CHEE) -->
            <xsl:when test="$seriesMOD='CT' and contains($patIssuer,'DCM4CHEE')">
              <!-- grant Query, Read and Append permission on Study to client1 -->
              <grant role="client1" action="Q,R,A" suid="{attr[@tag='0020000D']}"/>
            </xsl:when>
            <!-- all other Modalities stored client1 - Radiology (having ISSUER set to DCM4CHEE) -->
            <xsl:otherwise>
              <!-- grant Query, Read and Append permission on Study to client1 per default -->
              <grant role="client1" action="Q,R,A" suid="{attr[@tag='0020000D']}"/>
            </xsl:otherwise>
          </xsl:choose>
        </permissions>
      </xsl:template>
    </xsl:stylesheet>
- Set the Archive Behaviour for using the Security Feature
    Study Permission Service#UpdateOnSeriesStored = true
    Query Retrieve SCP#UnrestrictedReadPermissionsToAETitles = MASTER_AET
    Query Retrieve SCP#UnrestrictedQueryPermissionsToAETitles = MASTER_AET
    Query Retrieve SCP#UnrestrictedExportPermissionsToAETitles = MASTER_AET
- PITFALLS:
Make sure that your WebViewer is able to show files after enabling the Security Features.
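
A pre-deployment check for the role and rule files described above, as an added example that is not part of the original page or of dcm4chee. It flags `xsl:when` tests that write `@name` where `name` is a declared variable (XPath reads that as an attribute of the context node, so the comparison silently never matches and the wrong role can be granted) and grants that name a role missing from the roles file. The `lint_rules` helper, the `<roles>` wrapper element and both sample inputs are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

XSL = "{http://www.w3.org/1999/XSL/Transform}"

# Constructed sample inputs; the <roles> wrapper element is an assumption.
ROLES_XML = """<roles>
  <role name="client1" type="StudyPermission" descr="Radiology"/>
  <role name="client2" type="StudyPermission" descr="Neurosurgery"/>
</roles>"""

RULES_XSL = """<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
  <xsl:template match="/dataset">
    <permissions>
      <xsl:variable name="seriesMOD" select="attr[@tag='00080060']"/>
      <xsl:variable name="patIssuer" select="attr[@tag='00100021']"/>
      <xsl:choose>
        <xsl:when test="$seriesMOD='CT' and not(contains(@patIssuer,'DCM4CHEE'))">
          <grant role="client2" action="Q,R,A" suid="{attr[@tag='0020000D']}"/>
        </xsl:when>
        <xsl:otherwise>
          <grant role="client3" action="Q,R,A" suid="{attr[@tag='0020000D']}"/>
        </xsl:otherwise>
      </xsl:choose>
    </permissions>
  </xsl:template>
</xsl:stylesheet>"""

def lint_rules(rules_xsl, roles_xml):
    """Return findings for a study-permission stylesheet (hypothetical helper)."""
    rules = ET.fromstring(rules_xsl)
    roles = {r.get("name") for r in ET.fromstring(roles_xml).iter("role")}
    declared = {v.get("name") for tag in ("variable", "param")
                for v in rules.iter(XSL + tag)}
    findings = []
    for when in rules.iter(XSL + "when"):
        test = when.get("test", "")
        # @name selects an attribute of the context node; when `name` is a
        # declared variable the author almost certainly meant $name.
        for name in re.findall(r"@([A-Za-z_][\w.-]*)", test):
            if name in declared:
                findings.append(f"test uses @{name}, variable is ${name}: {test}")
    for grant in rules.iter("grant"):
        if grant.get("role") not in roles:
            findings.append(f"grant names undefined role {grant.get('role')!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_rules(RULES_XSL, ROLES_XML)))
```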