Access Control - dcm4che/dcm4chee-arc-light GitHub Wiki

Configuring one or more AccessControlID to a particular Application Entity defines which studies it can see

1. Go to Menu->Configuration, then on Devices page, Edit the dcm4chee-arc device. Go to Child objects and select DCM4CHEE from the dropdown of Network AEs.
2. Next go to Extensions and Edit extension of Network AE Extension, then go to Extensions and Edit Extension of Archive Network AE. As per one's application needs, enter values in field Access Control ID. Add multiple Access Control ID if required and Save.

By default DCM4CHEE AE has a web application configured and associated to it, to enable querying for studies using DICOM Web Services (QIDO). If a different AE has been created, ensure that Web Application is also configured for the same.

Note : Below shown configuration is done to handle both cases explained in Store Access Control

One may either

• create a LDIF file (e.g.):

  1. For Store Access Control : Configured on AE

      version: 1
      dn: dicomAETitle=DCM4CHEE1,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      changetype: add
      add: dcmAccessControlID
      dcmAccessControlID: Customer1
      -
      
      dn: dicomAETitle=DCM4CHEE2,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      changetype: add
      add: dcmAccessControlID
      dcmAccessControlID: Customer2
      -
     

  2. For Store Access Control : Configured using Rule

      version: 1
      dn: dicomAETitle=DCM4CHEE3,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      changetype: add
      add: dcmAccessControlID
      dcmAccessControlID: INSTITUTION_MAIN
      -
     
      dn: dicomAETitle=DCM4CHEE,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      changetype: add
      add: dcmAccessControlID
      dcmAccessControlID: INSTITUTION_ANY
      -
     

  3. For No Store Access Control configured by any of the two ways described, one may still restrict accessing the studies by providing a list of Access Control IDs. This means that DCM4CHEE AE can see only the studies assigned * or Access1 or Access2. (You may or may not choose to configure Access1 and/or Access2 as StoreAccessControlID)

      dn: dicomAETitle=DCM4CHEE,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      changetype: add
      add: dcmAccessControlID
      dcmAccessControlID: Access1
      -
      dn: dicomAETitle=DCM4CHEE,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      changetype: add
      add: dcmAccessControlID
      dcmAccessControlID: Access2
     

  and import it to the LDAP Server by using the ldapmodify command line utility.

• or use the Add Attribute... and Add Value... function of Apache Directory Studio to add attributes on Application Entity Level (e.g: dicomAETitle=DCM4CHEE) in the Archive Configuration.

One may refer to Archive Network AE to understand the description of attributes.

Go to the Control tab on Configuration page in archive UI and reload the configuration.