The CTP FileStorageService Access Mechanism
This article describes the access control mechanism which is included in the CTP FileStorageService. The primary intended audience for this article CTP administrators. A prerequisite for fully understanding this article is MIRC Clinical Trial Processor.
1 The FileStorageService
The FileStorageService is a CTP pipeline stage which stores objects in a file storage device. Files are stored in a hierarchy of directories, grouping objects by study. An object is associated with a study by its study UID.
As described in The CTP FileStorageService Web Server, the FileStorageService can be configured to group studies into FileSystems based on the contents of elements in the objects contained in the studies. For example, a FileStorageService can be configured to group studies by PatientID elements in DICOM objects which are received for storage. If no grouping information is provided in the configuration of the FileStorageService, all studies are placed in the FileSystem called __default.
The FileStorageService web server can be configured to enforce access control at the level of a FileSystem. To do so, the require-authentication attribute must be set to yes in the FileStorageService's configuration element as described in MIRC_Clinical_Trial_Processor#FileStorageService.
When authentication is required, the web server verifies on each transaction that the user is authenticated, and if not, displays a login page. After the login is successful, the user is directed to the original destination.
Users are managed through the UserManagerServlet, which is available only to admin users on the main page of the CTP web server.
(Note, CTP has a separate web server used to monitor the application and to perform certain administrative tasks. That web server is independent of the FileStorageService web server. Further, if CTP is configured to have multiple FileStorageServices, each will have a separate web server.)
Users may have zero or more of the following privileges:
- admin grants a user access to administrative functions that are restricted for security.
- delete grants a user the ability to delete studies in any FileSystem.
- guest identifies a user as someone who can be granted read access to a specific FileSystem by the owner of that FileSystem.
- proxy grants a user the to manage the guest list of any FileSystem.
- read grants a user the ability to view studies in any FileSystem.
A typical administrator would have all privileges.
In a system used to distribute studies to referring physicians, FileSystems would typically be organized by PatientID, and referring physicians would have the guest privilege. A technologist or secretary might be granted the proxy privilege so that person could add the appropriate physician to the guest list for the patient, thus granting the physician the ability to see the patient's studies.
In a system used for research data management, all users might be granted the read privilege, but only certain users might be granted the delete privilege, the latter just so that they can manage the storage of the system.