-
Notifications
You must be signed in to change notification settings - Fork 244
Secure Archive Users and Roles
Vrinda edited this page Apr 17, 2023
·
1 revision
In a secured archive setup there are pre-configured users / roles intended for different purposes. A user may have just one or more roles mapped to it.
User (Docker Env Variable) | Role (Docker Env Variable) | Purpose | Notes | |
---|---|---|---|---|
user (AUTH_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive with limited functionality | Eg. View / Count studies / patients etc. Requires UI Permission Configuration with assignment of user role | |
admin (ADMIN_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive | Eg. View / Count studies / patients etc. Requires UI Permission Configuration with assignment of user role | |
admin (ADMIN_USER_ROLE) | Access to extended functionality / RESTful services in archive UI. | Eg. Export / Retrieve / Reject studies / series etc. Requires UI Permission Configuration with assignment of admin role | ||
root (SUPER_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive | Eg. View / Count studies / patients etc. Requires UI Permission Configuration with assignment of user role | |
root (SUPER_USER_ROLE) | Access to all functionality / RESTful services in archive UI. Additionally, Security Alert - Emergency Override Started / Stopped audits emitted on logins(-outs) by users with this role | Does not require UI Permission Configuration. | ||
auditlog | Secured access to Elasticsearch and Kibana | |||
ADMINISTRATOR | Secured access to Wildfly administration console | |||
All realm-management Client Roles | Access to realm management in Keycloak admin console | realm-management is a Keycloak Client containing several roles mapped to it like for eg. view-realm or manage-clients etc. This root user is mapped with all of the realm-management Keycloak client's roles. |
As required by one's project needs, one may choose to decouple various roles by creating different users to restrict or limit the functionalities / usage to only a certain group of users mapped to a particular type of role - refer Change preconfigured users and roles.
DCM4CHEE 5 Documentation