Secure Archive Users and Roles - dcm4che/dcm4chee-arc-light GitHub Wiki
In a secured archive setup there are pre-configured users and roles intended for different purposes. A user may have one or more roles mapped to it.
| User (Docker Env Variable) | Role (Docker Env Variable) | Purpose | Notes |
|---|---|---|---|
| user (REGULAR_USER) | auth (AUTH_USER_ROLE) | User role required to access the UI and REST APIs of the Archive | Mandatory - required for login / access |
| user (REGULAR_USER) | user (REGULAR_USER_ROLE) | Enables access to non-administrative functions of the UI and RESTful services of the Archive | E.g. View / Count studies / patients etc. Requires UI Permission Configuration with assignment of user role |
| admin (ADMIN_USER) | auth (AUTH_USER_ROLE) | User role required to access the UI and REST APIs of the Archive | Mandatory - required for login / access |
| admin (ADMIN_USER) | admin (ADMIN_USER_ROLE) | Enables access to administrative functions of the UI | E.g. Export / Retrieve / Reject studies / series etc. Requires UI Permission Configuration with assignment of admin role |
| root (SUPER_USER) | auth (AUTH_USER_ROLE) | User role required to access the UI and REST APIs of the Archive | Mandatory - required for login / access |
| root (SUPER_USER) | root (SUPER_USER_ROLE) | Access to all functionality / RESTful services in archive UI. Additionally, Security Alert - Emergency Override Started / Stopped audits are emitted on logins / logouts by users with this role | Does not require UI Permission Configuration. |
| root (SUPER_USER) | auditlog | Secured access to Elasticsearch and Kibana | |
| root (SUPER_USER) | ADMINISTRATOR | Secured access to Wildfly administration console | |
| root (SUPER_USER) | All realm-management Client Roles | Access to realm management in Keycloak admin console | realm-management is a Keycloak Client with several roles mapped to it, e.g. view-realm or manage-clients. The root user is mapped to all of the realm-management Keycloak client's roles. |
Depending on project needs, one may choose to decouple the various roles by creating different users, so that each functionality is restricted to the group of users mapped to a particular type of role - refer to Change preconfigured users and roles.
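When decoupling roles, it helps to check each account's mappings against the purposes in the table. The following is an added example, not part of the wiki or of the dcm4che project: the input dictionary shape, the finding names and the `tech1` account are assumptions made for illustration, and the role names are the defaults from the table.

```python
# Default role names from the table above; each can be renamed through the
# Docker environment variable noted beside it.
AUTH_ROLE = "auth"                          # AUTH_USER_ROLE
ARCHIVE_ROLES = {"user", "admin", "root"}   # REGULAR_/ADMIN_/SUPER_USER_ROLE
SUPER_ROLE = "root"                         # SUPER_USER_ROLE
# Realm roles that each open a separate administrative surface.
SURFACE_ROLES = {"root", "auditlog", "ADMINISTRATOR"}
REALM_MGMT = "realm-management"             # Keycloak client with realm admin roles


def audit(mappings):
    """Return sorted (username, finding, detail) tuples.

    mappings: {username: {"realm": realm roles, "realm-management": client roles}}
    This input shape is an assumption of the example, not an archive or
    Keycloak format.
    """
    findings = []
    for name, roles in mappings.items():
        realm = set(roles.get("realm", ()))
        surfaces = sorted(realm & SURFACE_ROLES)
        if roles.get(REALM_MGMT):
            surfaces.append(REALM_MGMT)
        # Archive roles are unusable without the mandatory login role.
        if realm & ARCHIVE_ROLES and AUTH_ROLE not in realm:
            findings.append((name, "missing-auth", sorted(realm & ARCHIVE_ROLES)))
        # Super-user sessions emit Emergency Override audits and need no
        # UI Permission Configuration, so list every holder for review.
        if SUPER_ROLE in realm:
            findings.append((name, "emergency-override", [SUPER_ROLE]))
        # Several surfaces on one account: a candidate for decoupling.
        if len(surfaces) > 1:
            findings.append((name, "combined-surfaces", surfaces))
    return sorted(findings)


# Constructed sample: the three preconfigured users as the table describes
# them, plus a hypothetical account "tech1" created without the auth role.
SAMPLE = {
    "user": {"realm": {"auth", "user"}},
    "admin": {"realm": {"auth", "admin"}},
    "root": {"realm": {"auth", "root", "auditlog", "ADMINISTRATOR"},
             "realm-management": {"view-realm", "manage-clients"}},
    "tech1": {"realm": {"user"}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```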