
Secure Archive Users and Roles

Vrinda edited this page Apr 17, 2023 · 1 revision

Overview

In a secured archive setup there are pre-configured users and roles intended for different purposes. A user may have one or more roles mapped to it.

| User (Docker Env Variable) | Role (Docker Env Variable) | Purpose | Notes |
|---|---|---|---|
| user (AUTH_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive with limited functionality Eg. View / Count studies / patients etc. | Requires UI Permission Configuration with assignment of user role |
| admin (ADMIN_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive Eg. View / Count studies / patients etc. | Requires UI Permission Configuration with assignment of user role |
| | admin (ADMIN_USER_ROLE) | Access to extended functionality / RESTful services in archive UI. Eg. Export / Retrieve / Reject studies / series etc. | Requires UI Permission Configuration with assignment of admin role |
| root (SUPER_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive Eg. View / Count studies / patients etc. | Requires UI Permission Configuration with assignment of user role |
| | root (SUPER_USER_ROLE) | Access to all functionality / RESTful services in archive UI. Additionally, Security Alert - Emergency Override Started / Stopped audits emitted on logins(-outs) by users with this role | Does not require UI Permission Configuration. |
| | auditlog | Secured access to Elasticsearch and Kibana | |
| | ADMINISTRATOR | Secured access to Wildfly administration console | |
| | All realm-management Client Roles | Access to realm management in Keycloak admin console | realm-management is a Keycloak Client containing several roles mapped to it like for eg. view-realm or manage-clients etc. This root user is mapped with all of the realm-management Keycloak client's roles. |

Depending on project needs, one may decouple the various roles by creating different users, so that functionality is restricted to the group of users mapped to a particular type of role. Refer to Change preconfigured users and roles.
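One way to check whether roles have been decoupled, as an added example that is not part of this wiki or the project's code: it reads data laid out like a Keycloak realm export and lists accounts whose roles span more than one administrative system. It assumes the default role names from the table, that those roles are realm roles found under `users[].realmRoles`, and a constructed sample export that includes a hypothetical `auditor` account.

```python
import json

# Default role names from the table above; adjust if the Docker environment
# variables (ADMIN_USER_ROLE, SUPER_USER_ROLE) were changed. Assumption: these
# are realm roles. The basic "user" role is not counted as administrative.
REALM_ROLE_SYSTEMS = {
    "admin": "archive",
    "root": "archive",
    "auditlog": "elasticsearch-kibana",
    "ADMINISTRATOR": "wildfly-console",
}
REALM_MGMT_CLIENT = "realm-management"

def admin_systems(user):
    """Return the administrative systems one realm-export user entry can reach."""
    systems = {REALM_ROLE_SYSTEMS[r] for r in user.get("realmRoles", [])
               if r in REALM_ROLE_SYSTEMS}
    # Holding any realm-management client role gives access to realm management.
    if user.get("clientRoles", {}).get(REALM_MGMT_CLIENT):
        systems.add("keycloak-realm-management")
    return systems

def undecoupled_users(realm_export):
    """Map username -> sorted systems for accounts spanning more than one."""
    findings = {}
    for user in realm_export.get("users", []):
        systems = admin_systems(user)
        if len(systems) > 1:
            findings[user["username"]] = sorted(systems)
    return findings

# Constructed sample in the layout of a Keycloak realm export (not real data).
# "auditor" is a hypothetical decoupled account holding only the auditlog role.
SAMPLE_EXPORT = json.loads("""
{"users": [
  {"username": "user",  "realmRoles": ["user"]},
  {"username": "admin", "realmRoles": ["user", "admin"]},
  {"username": "root",  "realmRoles": ["user", "root", "auditlog", "ADMINISTRATOR"],
   "clientRoles": {"realm-management": ["view-realm", "manage-clients"]}},
  {"username": "auditor", "realmRoles": ["auditlog"]}
]}
""")

if __name__ == "__main__":
    for name, systems in undecoupled_users(SAMPLE_EXPORT).items():
        print(f"{name}: {', '.join(systems)}")
```

With the pre-configured mapping only `root` is reported, which is the account the decoupling advice applies to.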
