Access Control - dcm4che/dcm4chee-arc-light GitHub Wiki

Overview

Configuring one or more AccessControlID to a particular Application Entity defines which studies it can see

Configuration

Using Archive UI

  1. Go to Menu->Configuration, then on Devices page, Edit the dcm4chee-arc device. Go to Child objects and select DCM4CHEE from the dropdown of Network AEs.
  2. Next go to Extensions and Edit extension of Network AE Extension, then go to Extensions and Edit Extension of Archive Network AE. As per one's application needs, enter values in field Access Control ID. Add multiple Access Control ID if required and Save.

By default DCM4CHEE AE has a web application configured and associated to it, to enable querying for studies using DICOM Web Services (QIDO). If a different AE has been created, ensure that Web Application is also configured for the same.

Using LDAP

Note : Below shown configuration is done to handle both cases explained in Store Access Control

One may either

  • create a LDIF file (e.g.):

    1. For Store Access Control : Configured on AE

       version: 1
       dn: dicomAETitle=DCM4CHEE1,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
       changetype: add
       add: dcmAccessControlID
       dcmAccessControlID: Customer1
       -
       
       dn: dicomAETitle=DCM4CHEE2,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
       changetype: add
       add: dcmAccessControlID
       dcmAccessControlID: Customer2
       -
      
    2. For Store Access Control : Configured using Rule

       version: 1
       dn: dicomAETitle=DCM4CHEE3,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
       changetype: add
       add: dcmAccessControlID
       dcmAccessControlID: INSTITUTION_MAIN
       -
      
       dn: dicomAETitle=DCM4CHEE,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
       changetype: add
       add: dcmAccessControlID
       dcmAccessControlID: INSTITUTION_ANY
       -
      
    3. For No Store Access Control configured by any of the two ways described, one may still restrict accessing the studies by providing a list of Access Control IDs. This means that DCM4CHEE AE can see only the studies assigned * or Access1 or Access2. (You may or may not choose to configure Access1 and/or Access2 as StoreAccessControlID)

       dn: dicomAETitle=DCM4CHEE,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
       changetype: add
       add: dcmAccessControlID
       dcmAccessControlID: Access1
       -
       dn: dicomAETitle=DCM4CHEE,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
       changetype: add
       add: dcmAccessControlID
       dcmAccessControlID: Access2
      

    and import it to the LDAP Server by using the ldapmodify command line utility.

  • or use the Add Attribute... and Add Value... function of Apache Directory Studio to add attributes on Application Entity Level (e.g: dicomAETitle=DCM4CHEE) in the Archive Configuration.

One may refer to Archive Network AE to understand the description of attributes.

Go to the Control tab on Configuration page in archive UI and reload the configuration.

⚠️ **GitHub.com Fallback** ⚠️