User Administration
You can use the iCDR administrative console to create, list, lock and get information about users within the iCDR instance.

Viewing Users

You can view users in the system using the user.list command, specifying optional filter parameters.
    > user.list
    SID Name Last Auth Lockout ILA A
    fadca076-3690-4a6e-af9e-f1cd68e8c7e8 SYSTEM 0 *
    c96859f0-043c-4480-8dab-f69d6e86696c ANONYMOUS 0 *
    54558ca2-c093-11ea-9f6f-00155d640b09 Administrator 2021-02-21T17:08:57... 0 *
    2a348c6e-c158-11ea-9f6f-00155d640b09 demoadmin 2021-02-19T15:07:50... 0 *
    54558ca4-c093-11ea-9f6f-00155d640b09 Allison 2021-02-16T12:00:31... 9999-12-21T18:59:59... 2 *
    54558ca3-c093-11ea-9f6f-00155d640b09 Bob 9999-12-21T18:59:59... 0 *
The optional filter parameters for user.list are:

    Parameter  Description                                     Example
    -l         Filter on locked status                         user.list -l
    -a         Shows obsolete non-active status users.         user.list -a
    -h         Shows only HUMAN users and hides system users.  user.list -h
    -s         Shows only SYSTEM users and hides human users.  user.list -s
    -u         Filters by a specific user name pattern         user.list -u Bob

Adding Users

You can add a user to the iCDR instance using the user.add command:
    > user.add -r CLINICAL_STAFF -u console -e [email protected] -p @Testing123
The server may reject the request, in which case it indicates the reason for the failure. For example, adding a user whose password does not meet the minimum password requirements:
    > user.add -r CLINICAL_STAFF -u baduser -e [email protected] -p blah
    ERR: Exception has been thrown by the target of an invocation.
    1:The remote server returned an error: (422) Unprocessable Entity.
    REMOTE: Exception of type 'SanteDB.Core.Exceptions.DetectedIssueException' was thrown.
    REMOTE: RULE: Error Password failed validation
    2:The remote server returned an error: (422) Unprocessable Entity.
The parameters for user.add are:

    Parameter  Description                                Example
    -r         The role(s) to assign the user             -r CLINICAL_STAFF -r VIP
    -u         The username of the user                   -u BOB
    -e         The security e-mail address of the user
    -p         The initial password to set for the user

Locking Users

Use the user.lock command to lock or unlock a user. The -l flag sets the lock; without it, the lock is unset.
To unlock the user bob:
    user.lock bob
To lock the user bob:
    user.lock -l bob

User Info View

You can get extended information about a particular user by using the user.info command and specifying the username. For example, to get information about user allison:
    > user.info allison
    Name: Allison
    SID: 54558ca4-c093-11ea-9f6f-00155d640b09
    Phone: tel:+19055751212;ext=4085
    Invalid Logins: 2
    Lockout: 9999-12-21T18:59:59.9999990-05:00
    Last Login: 2021-02-16T12:00:31.2499360-05:00
    Created: 2020-07-07T16:49:19.5797190-04:00 (SYSTEM)
    Updated: 2021-02-16T17:42:36.4142670-05:00 (Administrator)
    Roles: CLINICAL_STAFF , SENSITIVE_USERS
    Effective Policies:
    Unrestricted All [1.3.6.1.4.1.33349.3.1.5.9.2] : --- (default DENY)
    Unrestricted Administrative Function [1.3.6.1.4.1.33349.3.1.5.9.2.0] : Deny (explicit)
    Change Password [1.3.6.1.4.1.33349.3.1.5.9.2.0.1] : Deny (inherited from Unrestricted Administrative Function)
    Administer Data Warehouse [1.3.6.1.4.1.33349.3.1.5.9.2.0.10] : Deny (inherited from Unrestricted Administrative Function)
    Access Audit Log [1.3.6.1.4.1.33349.3.1.5.9.2.0.11] : Deny (inherited from Unrestricted Administrative Function)
    Administer Applets [1.3.6.1.4.1.33349.3.1.5.9.2.0.12] : Deny (inherited from Unrestricted Administrative Function)
    Assign Policy [1.3.6.1.4.1.33349.3.1.5.9.2.0.13] : Deny (inherited from Unrestricted Administrative Function)
    Create Role [1.3.6.1.4.1.33349.3.1.5.9.2.0.2] : Deny (inherited from Unrestricted Administrative Function)
    Alter Role [1.3.6.1.4.1.33349.3.1.5.9.2.0.3] : Deny (inherited from Unrestricted Administrative Function)
    Create Identity [1.3.6.1.4.1.33349.3.1.5.9.2.0.4] : Deny (inherited from Unrestricted Administrative Function)
    Create Local Users [1.3.6.1.4.1.33349.3.1.5.9.2.0.4.1] : --- (default DENY)
    Create Device [1.3.6.1.4.1.33349.3.1.5.9.2.0.5] : Deny (inherited from Unrestricted Administrative Function)
    Create Application [1.3.6.1.4.1.33349.3.1.5.9.2.0.6] : Elevate (explicit)
    Administer Concept Dictionary [1.3.6.1.4.1.33349.3.1.5.9.2.0.7] : Deny (inherited from Unrestricted Administrative Function)
    Alter Identity [1.3.6.1.4.1.33349.3.1.5.9.2.0.8] : Deny (inherited from Unrestricted Administrative Function)
    Alter Local Users [1.3.6.1.4.1.33349.3.1.5.9.2.0.8.1] : --- (default DENY)
    Alter Policy [1.3.6.1.4.1.33349.3.1.5.9.2.0.9] : Deny (inherited from Unrestricted Administrative Function)
    Login [1.3.6.1.4.1.33349.3.1.5.9.2.1] : Grant (explicit)
    Login as a Service [1.3.6.1.4.1.33349.3.1.5.9.2.1.0] : Grant (inherited from Login)
    OAUTH Login [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0] : --- (default DENY)
    OAUTH client_credentials flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.1] : --- (default DENY)
    OAUTH password flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.2] : --- (default DENY)
    OAUTH authoization code grant flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.3] : --- (default DENY)
    OAUTH Password Reset grant (extended permission) [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.4] : --- (default DENY)
    Login for Password Reassignment [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.1] : --- (default DENY)
    Allow Impersonation of Application [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.2] : --- (default DENY)
    Access Client Administrative Function [1.3.6.1.4.1.33349.3.1.5.9.2.10] : --- (default DENY)
    Unrestricted Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2] : Grant (explicit)
    Query Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.0] : Grant (inherited from Unrestricted Clinical Data)
    Write Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.1] : Grant (inherited from Unrestricted Clinical Data)
    Delete Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.2] : Grant (inherited from Unrestricted Clinical Data)
    Read Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.3] : Grant (inherited from Unrestricted Clinical Data)
    Export Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.4] : Grant (inherited from Unrestricted Clinical Data)
    Elevate Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.5] : Grant (inherited from Unrestricted Clinical Data)
    Unrestricted Metadata [1.3.6.1.4.1.33349.3.1.5.9.2.4] : --- (default DENY)
    Read Metadata [1.3.6.1.4.1.33349.3.1.5.9.2.4.0] : Grant (explicit)
    Read Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.1.2] : Grant (inherited from Read Metadata)
    Query Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.1.3] : Grant (inherited from Read Metadata)
    Read Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.2.2] : Grant (inherited from Read Metadata)
    Query Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.2.3] : Grant (inherited from Read Metadata)
    Write Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.1.0] : --- (default DENY)
    Delete Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.1.1] : --- (default DENY)
    Write Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.2.0] : --- (default DENY)
    Delete Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.2.1] : --- (default DENY)
    Unrestricted Data Warehouse [1.3.6.1.4.1.33349.3.1.5.9.2.5] : --- (default DENY)
    Write Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.0] : --- (default DENY)
    Delete Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.1] : --- (default DENY)
    Read Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.2] : --- (default DENY)
    Query Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.3] : --- (default DENY)
    Unrestricted MDM [1.3.6.1.4.1.33349.3.1.5.9.2.6] : --- (default DENY)
    Write MDM Master [1.3.6.1.4.1.33349.3.1.5.9.2.6.1] : --- (default DENY)
    Read MDM Locals [1.3.6.1.4.1.33349.3.1.5.9.2.6.2] : --- (default DENY)
    Merge MDM Master [1.3.6.1.4.1.33349.3.1.5.9.2.6.3] : --- (default DENY)
    Special Security Elevation [1.3.6.1.4.1.33349.3.1.5.9.2.600] : Deny (explicit)
    Change Security Challenge Question [1.3.6.1.4.1.33349.3.1.5.9.2.600.1] : Deny (inherited from Special Security Elevation)
    Override Disclosure [1.3.6.1.4.1.33349.3.1.5.9.2.999] : Deny (explicit)
    Restricted Information [1.3.6.1.4.1.33349.3.1.5.9.3] : --- (default DENY)
    SUPER SECRET DISCLOSURE [2.25.3049340304933] : Grant (explicit)
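
For an access review, the Effective Policies listing printed by user.info can be reduced to the grants that need justification. The following is an added example, not code from the iCDR project: parse_policies and review are hypothetical helper names, and the line format is assumed from the sample output on this page.

```python
import re

# Line shape in the user.info sample: <policy name> [<OID>] : <rule> (<reason>)
POLICY_RE = re.compile(
    r"^\s*(?P<name>.+?)\s+\[(?P<oid>\d+(?:\.\d+)*)\]\s*:\s*"
    r"(?P<rule>Grant|Deny|Elevate|---)\s*\((?P<reason>[^)]*)\)\s*$"
)

def parse_policies(text):
    """Return one dict per effective-policy line; other lines are skipped."""
    policies = []
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if not m:
            continue
        p = m.groupdict()
        # "---" means no rule is set; the console reports it as default DENY.
        p["effective"] = "Deny" if p["rule"] == "---" else p["rule"]
        p["explicit"] = p["reason"] == "explicit"
        policies.append(p)
    return policies

def review(policies):
    """Group policy names for an access review (hypothetical helper)."""
    granted = [p["name"] for p in policies if p["effective"] == "Grant"]
    elevate = [p["name"] for p in policies if p["effective"] == "Elevate"]
    # Lines marked (explicit) carry the rule itself; inherited lines name
    # their parent, so the explicit grants are the entries to justify.
    explicit_grants = [p["name"] for p in policies
                       if p["explicit"] and p["effective"] == "Grant"]
    return {"granted": granted, "elevate": elevate,
            "explicit_grants": explicit_grants}

# Excerpt of the user.info output on this page, embedded to run offline.
SAMPLE = """\
Effective Policies:
Unrestricted Administrative Function [1.3.6.1.4.1.33349.3.1.5.9.2.0] : Deny (explicit)
Create Application [1.3.6.1.4.1.33349.3.1.5.9.2.0.6] : Elevate (explicit)
Login [1.3.6.1.4.1.33349.3.1.5.9.2.1] : Grant (explicit)
Login as a Service [1.3.6.1.4.1.33349.3.1.5.9.2.1.0] : Grant (inherited from Login)
OAUTH Password Reset grant (extended permission) [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.4] : --- (default DENY)
Unrestricted Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2] : Grant (explicit)
Export Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.4] : Grant (inherited from Unrestricted Clinical Data)
SUPER SECRET DISCLOSURE [2.25.3049340304933] : Grant (explicit)
"""

if __name__ == "__main__":
    for key, names in review(parse_policies(SAMPLE)).items():
        print(f"{key}: {', '.join(names)}")
```

Run against a saved copy of the full user.info output, the explicit_grants list is the short set of rules from which every inherited Grant line follows.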