Contents x
    Groups
    • 06 Nov 2024
    • 6 Minutes to read
    • Print
    • Dark
      Light
    Contents

    Groups

    • Updated on 06 Nov 2024
    • 6 Minutes to read
    • Print
    • Dark
      Light
    Article summary

    Create groups of users to allow multiple users access to the same information. Groups are useful for security reasons and creating collections.

    create-groups(1)Click on image to zoom

    Creating Groups

    1. In the Navigation menu, click Groups.
    2. Click add_circle found in the top right corner.
    3. In the Add Group screen, enter the needed information:
      1. In the Name field, enter a name for the group. Group names are not allowed spaces. You may use camel case or underscores to help distinguish words: GreatDetectives or great_detectives. Only alphanumeric and underscore characters are allowed.
      2. In the Description field, enter the description for the group.
      3.  Select the Group type. For now, this helps identify the purpose for the group.
      4. In the Available Users area, click add next to the user to add him or her to the group. The user appears in the Added Users section below the description. Clicking fast_forward moves all users to Added Users.
    4. Click Save.

    It is possible to perform a search for the users by typing the username on the Search Available Users field provided.

    Clicking arrow_back returns you to the list of groups without saving the changes.

    Understanding Search Appliance Roles

    The Search Appliance uses roles to allow access to different subsystems on the appliance. For example, these roles allow a common user to access the search interface without having permission to use the administration pages.

    Role NameRole Descriptions
    Administration Roles
    searchappliance_ccd_on_demandThis grants the user permission to run the ccd-on-demand plugin report.
    searchappliance_indexerIndexer users can configure settings associated with parsing and indexing data. This includes Search server, Parse table, Search table, and Stop words settings. It allows access to Admin: Data Management only.
    searchappliance_mpimanageThe user can add, change, activate, or deactivate MPI records.*
    searchappliance_qrdaThis grants permission to the user to run the QRDA plugin report.
    searchappliance_roi_adminThis allows user to access and use the ROI tool.
    searchappliance_systemUsers can configure settings associated with the Search Appliance, such as the Web server, application interface, and administration portal settings.
    Search Roles
    searchappliance_searchUsers can access the Search Appliance search interface. The search group by itself does not allow the user to see results. The user must also be part of a group or security collection that allows access to data. Users do not have access to any of the Admin pages unless given those rights also.
    searchappliance_search_by_idUsers can run simple and compound queries that are shared with them, but the role does not allow the user to specify new queries or to change reports shared with them. Users have limited access to Clinical Reports. Use this role to create locked-down workflows with compound query that allow a user to accomplish a specific task without being granted general access to the system. This role is used with those using IMAT's VHR or IMAT's ROI.
    VHR Roles
    searchappliance_vhrVHR users access all pages of VHR, but the search must be done with a minimum of a last name and date of birth.
    searchappliance_vhr_adminUsers have access to all the pages of VHR.
    searchappliance_vhr_adtUsers have access to the Admits/Discharges/Registrations page.
    searchappliance_vhr_demographicsUsers have access to the VHR patient information page.
    searchappliance_vhr_labUsers have access to the VHR lab page.
    searchappliance_vhr_medicationsUsers have access to both the VHR prescribed and administered pages.
    searchappliance_vhr_radiologyUsers have access to the VHR radiology page.
    searchappliance_vhr_transcriptsUsers have access to the VHR transcribed reports page.
    Removed Roles—these roles may appear in versions earlier than the 9.0 release
    searchappliance_breakglassThis allows the user temporary unrestricted access to search all of a patient's records in the system.
    searchappliance_inboxesInboxes users can configure inboxes for use with the Push API. Users are given access to only the Uploader in the Admin pages.
    searchappliance_sftpuserIt gives a user limited access to upload files that can be fed into the search server. Usually IMAT's IT department will set this role for a company or secretary that will upload the files.
    searchappliance_shellUsers in this role are permitted to SSH into a machine.
    searchappliance_statusUsers can monitor the status of the system. This includes monitoring logs and feed jobs.
    searchappliance_uncontained_searchHighly-trusted users (normally only system administrators) have access to run a query without any security containment or restrictions on the network or to data access.
    searchappliance_wheelMembers of the wheel role are also put in the system wheel group, which is the administrative group on Red Hat systems, including CentOS. This means that the users of this role have sudo privileges and can access the system as root if need be.

    *All MPI users must also be assigned to searchappliance_search and a security collection.
    †All vhr_ users must also be assigned to searchappliance_search_by_id.
    ‡Wheel and shell roles take precedence over the sftpuser role. If a user is assigned sftpuser and one of the other roles, sftpuser is removed from the list of assigned roles.


    Role Mapping

    Search Appliance role mapping assigns many roles to one group or one role to one group. The roles are structured in a simple hierarchy such that some roles have the same permission as itself and other roles inclusively. For example, the system role can access all systems requiring the system role but can also access all systems that require the indexer, retriever roles, etc. The following table lists the hierarchy in the preconfigured Search Server roles.

    Group NameRole Permissions
    searchappliance_ccd_on_demandccd_on_demand
    searchappliance_indexerindexer and search
    searchappliance_mpimanagempi_manage*
    searchappliance_qrdaqrda
    searchappliance_roi_adminroi_admin
    searchappliance_searchsearch and search_by_id
    searchappliance_search_by_idsearch_by_id
    searchappliance_systemall searchappliance_* roles
    searchappliance_vhr_adminvhr_admin, vhr, vhr_adt, vhr_demographics, vhr_lab, vhr_medications, vhr_radiology, and vhr_transcripts
    searchappliance_vhrvhr, vhr_adt, vhr_demographics, vhr_lab, vhr_medications, vhr_radiology, and vhr_transcripts
    searchappliance_vhr_adtvhr_ dt
    searchappliance_vhr_demographicsvhr_demographics
    searchappliance_vhr_labvhr_lab
    searchappliance_vhr_medicationsvhr_medications—administered and prescribed
    searchappliance_vhr_radiologyvhr_radiology 
    searchappliance_vhr_transcriptsvhr_transcribed pages 
    Removed Roles—these roles may appear in versions earlier than the 9.0 release
    searchappliance_breakglassbreakglass
    searchappliance_inboxesinboxes
    searchappliance_sftpuserSFTP user
    searchappliance_shellshell
    searchappliance_statusstatus
    searchappliance_uncontained_searchuncontained_search
    searchappliance_wheelwheel and shell

    *All MPI users must also be assigned to searchappliance_search and a security collection.
    †All VHR users must also be assigned to search_by_id.
    ‡Wheel and shell roles take precedence over the sftpuser role. If a user is assigned sftpuser and one of the other roles, sftpuser is removed from the list of assigned roles.


    Editing a Group

    Clicking on a group displays a pane on the right that shows the group name and description. The pane also allows editing and deleting of a group.

    manage-groups(1)Click on image to zoom

    Editing Members

    1. In the Navigation menu, click Groups.
    2. Click the group you wish to edit. Search for groups by typing the group name in the search field.
    3. Click Manage Members.
    4. Remove current members from the group by doing one of the following:
      • Click close by the user in the right column.
      • Click fast_rewind to remove all from the right column to the left.
    5. Add members from the Available Members section of the screen by the following means:
      • Click add by the username to move one user to the group.
      • Click fast_forward to move all the users to the group.
    6. Click Reset to return all groups to their original position.
    7. Click Save.
    Click on image to zoom

    Editing the Group Description

    To edit the group description:

    1. Click on the group you wish to edit.
    2. In the details pane, click edit.
    3. Enter the new description.
    4. Click Update Group.
    Click on image to zoom

    Deleting a Group

    If you find that you no longer need a group, it is possible to delete it. Be cautious when deleting a group, however, because it can cause unexpected problems. The confirm deletion box displays how many Set Definitions and Security Collections are associated with the group. Make sure that none of those items are required before you delete a group.

    1. In the Navigation menu, click Groups.
    2. Click on the group you wish to delete. Search for groups by typing the group name in the search field.
    3. Click Delete Group.
    4. Confirm that you want to delete the group.
    Click on image to zoom

    Downloading Group List

    It is possible to download a CSV file of the groups:

    1. In the Navigation menu, click Groups.
    2. Click file_download.
    Was this article helpful?
    What's Next

    Copyright 2021 Perfect Search Corporation. All rights reserved. Version: 9.0