Secure Archive Users and Roles - dcm4che/dcm4chee-arc-light GitHub Wiki
In a secured archive setup there are pre-configured users and roles intended for different purposes. A user may have one or more roles mapped to it.

| User (Docker Env Variable) | Role (Docker Env Variable) | Purpose | Notes |
|---|---|---|---|
| user (AUTH_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive with limited functionality | E.g. View / Count studies / patients etc. Requires UI Permission Configuration with assignment of user role |
| admin (ADMIN_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive | E.g. View / Count studies / patients etc. Requires UI Permission Configuration with assignment of user role |
| | admin (ADMIN_USER_ROLE) | Access to extended functionality / RESTful services in archive UI. | E.g. Export / Retrieve / Reject studies / series etc. Requires UI Permission Configuration with assignment of admin role |
| root (SUPER_USER) | user (AUTH_USER_ROLE) | Enable access to UI and basic RESTful services in archive | E.g. View / Count studies / patients etc. Requires UI Permission Configuration with assignment of user role |
| | root (SUPER_USER_ROLE) | Access to all functionality / RESTful services in archive UI. Additionally, Security Alert - Emergency Override Started / Stopped audits are emitted on logins / logouts by users with this role | Does not require UI Permission Configuration. |
| | auditlog | Secured access to Elasticsearch and Kibana | |
| | ADMINISTRATOR | Secured access to WildFly administration console | |
| | All realm-management Client Roles | Access to realm management in Keycloak admin console | realm-management is a Keycloak Client with several roles mapped to it, e.g. view-realm or manage-clients. The root user is mapped to all of the realm-management Keycloak client's roles. |

Depending on project needs, one may decouple the roles by creating different users, so that each functionality is limited to the group of users mapped to a particular role - refer to Change preconfigured users and roles.
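
When roles are decoupled across additional users, the role set each login actually carries can be checked against the mapping in the table. The following is an added example, not code from the dcm4chee-arc-light project: it assumes the archive roles are Keycloak realm roles and that access tokens use Keycloak's default claims (`preferred_username`, `realm_access.roles`, `resource_access.<client>.roles`); the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Default users and role names from the table above (role names can be
# overridden via AUTH_USER_ROLE, ADMIN_USER_ROLE and SUPER_USER_ROLE).
BASELINE = {
    "user": {"user"},
    "admin": {"user", "admin"},
    "root": {"user", "root", "auditlog", "ADMINISTRATOR"},
}
TRACKED = set().union(*BASELINE.values())

def jwt_claims(token):
    """Decode a JWT payload for offline inspection (signature NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit(claims, baseline=BASELINE):
    """Return findings for one token's roles against the expected mapping."""
    name = claims.get("preferred_username", "<unknown>")
    roles = set(claims.get("realm_access", {}).get("roles", [])) & TRACKED
    mgmt = claims.get("resource_access", {}).get("realm-management", {}).get("roles", [])
    findings = []
    if name not in baseline:
        findings.append(f"{name}: not in baseline, holds {sorted(roles)}")
    elif roles - baseline[name]:
        findings.append(f"{name}: unexpected roles {sorted(roles - baseline[name])}")
    if "root" in roles:  # default SUPER_USER_ROLE
        findings.append(f"{name}: logins emit Emergency Override audits")
    if mgmt and name != "root":
        findings.append(f"{name}: holds {len(mgmt)} realm-management client role(s)")
    return findings

def _enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_token(claims):
    """Build an unsigned, constructed sample token (header.payload.signature)."""
    return f"{_enc({'alg': 'none'})}.{_enc(claims)}."

# Constructed sample: the default admin user carrying an extra root role and
# one realm-management client role.
SAMPLE = make_token({
    "preferred_username": "admin",
    "realm_access": {"roles": ["user", "admin", "root", "offline_access"]},
    "resource_access": {"realm-management": {"roles": ["manage-clients"]}},
})
```

Calling `audit(jwt_claims(SAMPLE))` returns one finding per deviation; pass a different `baseline` dict after changing the preconfigured users and roles.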