# Group / Role Administration

You can use the iCDR administrative console to view, add, list, and get information about groups/roles within the iCDR instance.

## Viewing Groups/Roles

You can view the groups/roles in the system using the `role.list` command, optionally specifying filter parameters.

```
> role.list
SID                                    Name                 Description                                      A
dadbd858-13c5-44a3-ad7d-1c44cecaa4b6   ANONYMOUS            Group for user ANONYMOUS. Identifies the func... *
54b7677c-682b-425f-a937-3aa03d5951f1   SYNCHRONIZERS        Group for user SYNCHRONIZERS. Identifies the ... *
c3ae21d2-fc23-4133-ba42-b0e0a3b817d7   SYSTEM               Group for user SYSTEM. Identifies the functio... *
3c83672a-dfe1-11eb-bbae-eb1f1d969e16   Muddsville           A group for Muddsville residents and clinicians. *
86719164-e012-11eb-bbae-eb1f1d969e16   TestRole1                                                             *
9df881f4-e00c-11eb-bbae-eb1f1d969e16   TestGroup2           Checking Policies being added.                   *
613d05a0-dd0d-4516-a30c-e733741885f0   DEVICE               Represents a device in the system. Identifies... *
72fbf3f8-dfe1-11eb-bbae-eb1f1d969e16   TestGroup                                                             *
606e1586-dfe1-11eb-bbae-eb1f1d969e16   testGroup1                                                            *
c911ca0c-de82-11eb-bbad-eb1f1d969e16   Create-Role-Test1                                                     *
ff22744e-de81-11eb-bbad-eb1f1d969e16   Create-Role-Test                                                      *
0d605cd4-9642-11eb-be65-00155d640b09   TEST_REFACTOR        TEST                                             *
f4e58ae8-8bbd-4635-a6d4-8a195b143436   USERS                Group for users who have login access test       *
f6d2ba1d-5bb5-41e3-b7fb-2ec32418b2e1   ADMINISTRATORS       Group for users who have administrative acces... *
252b0ad6-88a9-11eb-be65-00155d640b09   newgroup             a new group edited again                         *
537cdc04-81ef-11eb-b733-00155d640b09   BoatFace             Testing with Boatface                            *
b81e78e0-8143-11eb-b733-00155d640b09   TestyMcTester        Test Group 1                                     *
801eeac0-6eff-11eb-92d2-00155d640b09   SENSITIVE_USERS      This group is for users which can see sensiti... *
43167dcb-6f77-4f37-8222-133e675b4434   CLINICAL_STAFF       Group for clinic staff                           *
```

The optional filter parameters for `role.list` are:

| Parameter | Description                           | Example        |
| --------- | ------------------------------------- | -------------- |
| `-a`      | Show non-active (deleted) roles only. | `role.list -a` |

## Adding Group/Role

You can add a group/role to the iCDR instance using the `role.add` command with the required `-r` parameter for the group/role name:

```
role.add -r NewRoleTest
```

The optional parameters for `role.add` are:

| Parameter | Description                                          | Example                                                       |
| --------- | ---------------------------------------------------- | ------------------------------------------------------------- |
| `-g`      | Specify a policy to explicitly grant the group/role. | `role.add -r NewRoleTest1 -g 1.3.6.1.4.1.33349.3.1.5.9.2.999` |
| `-d`      | Specify a policy to explicitly deny the group/role.  | `role.add -r NewRoleTest2 -d 1.3.6.1.4.1.33349.3.1.5.9.2.999` |
| `-n`      | Set the Description core property for a group/role.  | `role.add -r NewRoleTest2 -n NO_SPACES_NOTE`                  |

## Viewing Group/Role Information

You can view all properties and policies of a specific group/role using the `role.info` command with the required `-r` parameter for the group/role name:

```
> role.info -r NewRole3
Name: NewRole3
SID: 8479182c-e0ae-11eb-bbaf-eb1f1d969e16
Description: NOTE
Created: 2021-07-09T08:09:31.9175110-04:00 (Administrator)
Updated: 2021-07-09T08:10:44.9203880-04:00 (Administrator)
        Effective Policies:
                Unrestricted All [1.3.6.1.4.1.33349.3.1.5.9.2] : --- (default DENY)
                Unrestricted Administrative Function [1.3.6.1.4.1.33349.3.1.5.9.2.0] : --- (default DENY)
                Change Password [1.3.6.1.4.1.33349.3.1.5.9.2.0.1] : --- (default DENY)
                Administer Data Warehouse [1.3.6.1.4.1.33349.3.1.5.9.2.0.10] : --- (default DENY)
                Access Audit Log [1.3.6.1.4.1.33349.3.1.5.9.2.0.11] : --- (default DENY)
                Administer Applets [1.3.6.1.4.1.33349.3.1.5.9.2.0.12] : --- (default DENY)
                Assign Policy [1.3.6.1.4.1.33349.3.1.5.9.2.0.13] : --- (default DENY)
                Unrestricted PubSub Administration [1.3.6.1.4.1.33349.3.1.5.9.2.0.14] : --- (default DENY)
                Create/Alter PubSub Subscriptions [1.3.6.1.4.1.33349.3.1.5.9.2.0.14.1] : --- (default DENY)
                Disable/Enable PubSub Subscriptions [1.3.6.1.4.1.33349.3.1.5.9.2.0.14.2] : --- (default DENY)
                Delete PubSub Subscriptions [1.3.6.1.4.1.33349.3.1.5.9.2.0.14.3] : --- (default DENY)
                Read PubSub Subscriptions [1.3.6.1.4.1.33349.3.1.5.9.2.0.14.4] : --- (default DENY)
                Create Role [1.3.6.1.4.1.33349.3.1.5.9.2.0.2] : --- (default DENY)
                Alter Role [1.3.6.1.4.1.33349.3.1.5.9.2.0.3] : --- (default DENY)
                Create Identity [1.3.6.1.4.1.33349.3.1.5.9.2.0.4] : --- (default DENY)
                Create Local Users [1.3.6.1.4.1.33349.3.1.5.9.2.0.4.1] : --- (default DENY)
                Create Device [1.3.6.1.4.1.33349.3.1.5.9.2.0.5] : --- (default DENY)
                Create Application [1.3.6.1.4.1.33349.3.1.5.9.2.0.6] : --- (default DENY)
                Administer Concept Dictionary [1.3.6.1.4.1.33349.3.1.5.9.2.0.7] : --- (default DENY)
                Alter Identity [1.3.6.1.4.1.33349.3.1.5.9.2.0.8] : --- (default DENY)
                Alter Local Users [1.3.6.1.4.1.33349.3.1.5.9.2.0.8.1] : --- (default DENY)
                Alter Policy [1.3.6.1.4.1.33349.3.1.5.9.2.0.9] : --- (default DENY)
                Login [1.3.6.1.4.1.33349.3.1.5.9.2.1] : --- (default DENY)
                Login as a Service [1.3.6.1.4.1.33349.3.1.5.9.2.1.0] : --- (default DENY)
                OAUTH Login [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0] : --- (default DENY)
                OAUTH client_credentials flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.1] : --- (default DENY)
                OAUTH password flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.2] : --- (default DENY)
                OAUTH authoization code grant flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.3] : --- (default DENY)
                OAUTH Password Reset grant (extended permission) [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.4] : --- (default DENY)
                Login for Password Reassignment [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.1] : --- (default DENY)
                Allow Impersonation of Application [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.2] : --- (default DENY)
                Access Client Administrative Function [1.3.6.1.4.1.33349.3.1.5.9.2.10] : --- (default DENY)
                Unrestricted Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2] : --- (default DENY)
                Query Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.0] : --- (default DENY)
                Write Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.1] : --- (default DENY)
                Delete Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.2] : --- (default DENY)
                Read Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.3] : --- (default DENY)
                Export Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.4] : --- (default DENY)
                Elevate Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.5] : --- (default DENY)
                Unrestricted Metadata [1.3.6.1.4.1.33349.3.1.5.9.2.4] : --- (default DENY)
                Read Metadata [1.3.6.1.4.1.33349.3.1.5.9.2.4.0] : --- (default DENY)
                Read Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.1.2] : --- (default DENY)
                Query Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.1.3] : --- (default DENY)
                Read Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.2.2] : --- (default DENY)
                Query Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.2.3] : --- (default DENY)
                Write Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.1.0] : --- (default DENY)
                Delete Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.1.1] : --- (default DENY)
                Write Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.2.0] : --- (default DENY)
                Delete Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.2.1] : --- (default DENY)
                Unrestricted Data Warehouse [1.3.6.1.4.1.33349.3.1.5.9.2.5] : --- (default DENY)
                Write Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.0] : --- (default DENY)
                Delete Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.1] : --- (default DENY)
                Read Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.2] : --- (default DENY)
                Query Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.3] : --- (default DENY)
                Unrestricted MDM [1.3.6.1.4.1.33349.3.1.5.9.2.6] : --- (default DENY)
                Write MDM Master [1.3.6.1.4.1.33349.3.1.5.9.2.6.1] : --- (default DENY)
                Read MDM Locals [1.3.6.1.4.1.33349.3.1.5.9.2.6.2] : --- (default DENY)
                Merge MDM Master [1.3.6.1.4.1.33349.3.1.5.9.2.6.3] : --- (default DENY)
                Special Security Elevation [1.3.6.1.4.1.33349.3.1.5.9.2.600] : --- (default DENY)
                Change Security Challenge Question [1.3.6.1.4.1.33349.3.1.5.9.2.600.1] : --- (default DENY)
                Override Disclosure [1.3.6.1.4.1.33349.3.1.5.9.2.999] : --- (default DENY)
                Restricted Information [1.3.6.1.4.1.33349.3.1.5.9.3] : --- (default DENY)
                Create-Policy-Test [1.3.6.1.4.1.3349.3.1.5.9.2.99.4] : --- (default DENY)
                Testy Mctesterson [1.3.6.1.4.1.66666.3.1.5.9.2.0.14] : --- (default DENY)
                SUPER SECRET DISCLOSURE [2.25.3049340304933] : --- (default DENY)
```

There are no optional filter parameters for `role.info`.
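
When reviewing a role, the `role.info` output can be saved and parsed offline. The following is an added example, not part of the iCDR documentation or code base: it reports every policy whose rule differs from the `--- (default DENY)` shown above, and every policy whose OID lies outside the `1.3.6.1.4.1.33349.3.1.5.9` arc shared by most entries in the listing. Treating that arc as the built-in one, the `GRANT` rule text in the sample, and all function names are assumptions.

```python
import re

# Arc shared by most policies in the role.info listing (assumed built-in arc).
BUILTIN_ARC = "1.3.6.1.4.1.33349.3.1.5.9"
DEFAULT_RULE = "--- (default DENY)"

# One policy line has the shape: "<name> [<oid>] : <rule>"
POLICY_LINE = re.compile(
    r"^\s*(?P<name>.+?) \[(?P<oid>\d+(?:\.\d+)+)\] : (?P<rule>.+?)\s*$")

# Constructed sample: lines copied from the listing above, except the
# "Login ... GRANT" line, whose rule text is an assumption.
SAMPLE = """\
Name: NewRole3
SID: 8479182c-e0ae-11eb-bbaf-eb1f1d969e16
        Effective Policies:
                Unrestricted All [1.3.6.1.4.1.33349.3.1.5.9.2] : --- (default DENY)
                Login [1.3.6.1.4.1.33349.3.1.5.9.2.1] : GRANT
                Override Disclosure [1.3.6.1.4.1.33349.3.1.5.9.2.999] : --- (default DENY)
                Create-Policy-Test [1.3.6.1.4.1.3349.3.1.5.9.2.99.4] : --- (default DENY)
                Testy Mctesterson [1.3.6.1.4.1.66666.3.1.5.9.2.0.14] : --- (default DENY)
                SUPER SECRET DISCLOSURE [2.25.3049340304933] : --- (default DENY)
"""

def parse_policies(text):
    """Return (name, oid, rule) for every policy line in role.info output."""
    found = []
    for line in text.splitlines():
        m = POLICY_LINE.match(line)
        if m:
            found.append((m["name"], m["oid"], m["rule"]))
    return found

def in_arc(oid, arc=BUILTIN_ARC):
    """True if oid is the arc or below it; the '.' stops look-alike prefixes."""
    return oid == arc or oid.startswith(arc + ".")

def audit(text):
    """Split a role's policies into explicit rules and OIDs outside the arc."""
    policies = parse_policies(text)
    return {
        "explicit": [(n, o, r) for n, o, r in policies if r != DEFAULT_RULE],
        "outside_arc": [(n, o) for n, o, _ in policies if not in_arc(o)],
    }

if __name__ == "__main__":
    report = audit(SAMPLE)
    for name, oid, rule in report["explicit"]:
        print(f"explicit rule  {oid}  {name}: {rule}")
    for name, oid in report["outside_arc"]:
        print(f"outside arc    {oid}  {name}")
```

Entries such as `1.3.6.1.4.1.3349...` differ from the common arc by a single digit, which is easy to miss when reading the listing by eye.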
