User Administration
You can use the iCDR administrative console to create, list, lock and get information about users within the iCDR instance.
Viewing Users
You can view users in the system using the user.list command, specifying optional filter parameters.
> user.list
SID Name Last Auth Lockout ILA A
fadca076-3690-4a6e-af9e-f1cd68e8c7e8 SYSTEM 0 *
c96859f0-043c-4480-8dab-f69d6e86696c ANONYMOUS 0 *
54558ca2-c093-11ea-9f6f-00155d640b09 Administrator 2021-02-21T17:08:57... 0 *
2a348c6e-c158-11ea-9f6f-00155d640b09 demoadmin 2021-02-19T15:07:50... 0 *
54558ca4-c093-11ea-9f6f-00155d640b09 Allison 2021-02-16T12:00:31... 9999-12-21T18:59:59... 2 *
54558ca3-c093-11ea-9f6f-00155d640b09 Bob 9999-12-21T18:59:59... 0 *
The optional filter parameters for user.list are:

| Parameter | Description | Example |
| --- | --- | --- |
| -l | Filter on locked status | user.list -l |
| -a | Shows obsolete non-active status users. | user.list -a |
| -h | Shows only HUMAN users and hides system users. | user.list -h |
| -s | Shows only SYSTEM users and hides human users. | user.list -s |
| -u | Filters by a specific user name pattern | user.list -u Bob |
Adding Users
You can add a user to the iCDR instance using the user.add command:
> user.add -r CLINICAL_STAFF -u console -e [email protected] -p @Testing123
You may receive an error from the server. If so, the server indicates the reason for the failure. For example, adding a user whose password does not meet the minimum password requirements produces:
> user.add -r CLINICAL_STAFF -u baduser -e [email protected] -p blah
ERR: Exception has been thrown by the target of an invocation.
1:The remote server returned an error: (422) Unprocessable Entity.
REMOTE: Exception of type 'SanteDB.Core.Exceptions.DetectedIssueException' was thrown.
REMOTE: RULE: Error Password failed validation
2:The remote server returned an error: (422) Unprocessable Entity.
| Parameter | Description | Example |
| --- | --- | --- |
| -r | The role(s) to assign the user | -r CLINICAL_STAFF -r VIP |
| -u | The username of the user | -u BOB |
| -p | The initial password to set for the user | -p P@ssw0rd |
Locking Users
To lock or unlock a user, use the user.lock command, specifying whether the lock should be set or unset.
To unlock the user bob:
user.lock bob
To lock the user bob:
user.lock -l bob
User Info View
You can get extended information about a particular user by using the user.info command and specifying the username. For example, to get information about user allison:
> user.info allison
Name: Allison
SID: 54558ca4-c093-11ea-9f6f-00155d640b09
Email: [email protected]
Phone: tel:+19055751212;ext=4085
Invalid Logins: 2
Lockout: 9999-12-21T18:59:59.9999990-05:00
Last Login: 2021-02-16T12:00:31.2499360-05:00
Created: 2020-07-07T16:49:19.5797190-04:00 (SYSTEM)
Updated: 2021-02-16T17:42:36.4142670-05:00 (Administrator)
Roles: CLINICAL_STAFF , SENSITIVE_USERS
Effective Policies:
Unrestricted All [1.3.6.1.4.1.33349.3.1.5.9.2] : --- (default DENY)
Unrestricted Administrative Function [1.3.6.1.4.1.33349.3.1.5.9.2.0] : Deny (explicit)
Change Password [1.3.6.1.4.1.33349.3.1.5.9.2.0.1] : Deny (inherited from Unrestricted Administrative Function)
Administer Data Warehouse [1.3.6.1.4.1.33349.3.1.5.9.2.0.10] : Deny (inherited from Unrestricted Administrative Function)
Access Audit Log [1.3.6.1.4.1.33349.3.1.5.9.2.0.11] : Deny (inherited from Unrestricted Administrative Function)
Administer Applets [1.3.6.1.4.1.33349.3.1.5.9.2.0.12] : Deny (inherited from Unrestricted Administrative Function)
Assign Policy [1.3.6.1.4.1.33349.3.1.5.9.2.0.13] : Deny (inherited from Unrestricted Administrative Function)
Create Role [1.3.6.1.4.1.33349.3.1.5.9.2.0.2] : Deny (inherited from Unrestricted Administrative Function)
Alter Role [1.3.6.1.4.1.33349.3.1.5.9.2.0.3] : Deny (inherited from Unrestricted Administrative Function)
Create Identity [1.3.6.1.4.1.33349.3.1.5.9.2.0.4] : Deny (inherited from Unrestricted Administrative Function)
Create Local Users [1.3.6.1.4.1.33349.3.1.5.9.2.0.4.1] : --- (default DENY)
Create Device [1.3.6.1.4.1.33349.3.1.5.9.2.0.5] : Deny (inherited from Unrestricted Administrative Function)
Create Application [1.3.6.1.4.1.33349.3.1.5.9.2.0.6] : Elevate (explicit)
Administer Concept Dictionary [1.3.6.1.4.1.33349.3.1.5.9.2.0.7] : Deny (inherited from Unrestricted Administrative Function)
Alter Identity [1.3.6.1.4.1.33349.3.1.5.9.2.0.8] : Deny (inherited from Unrestricted Administrative Function)
Alter Local Users [1.3.6.1.4.1.33349.3.1.5.9.2.0.8.1] : --- (default DENY)
Alter Policy [1.3.6.1.4.1.33349.3.1.5.9.2.0.9] : Deny (inherited from Unrestricted Administrative Function)
Login [1.3.6.1.4.1.33349.3.1.5.9.2.1] : Grant (explicit)
Login as a Service [1.3.6.1.4.1.33349.3.1.5.9.2.1.0] : Grant (inherited from Login)
OAUTH Login [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0] : --- (default DENY)
OAUTH client_credentials flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.1] : --- (default DENY)
OAUTH password flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.2] : --- (default DENY)
OAUTH authoization code grant flow permission [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.3] : --- (default DENY)
OAUTH Password Reset grant (extended permission) [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0.4] : --- (default DENY)
Login for Password Reassignment [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.1] : --- (default DENY)
Allow Impersonation of Application [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.2] : --- (default DENY)
Access Client Administrative Function [1.3.6.1.4.1.33349.3.1.5.9.2.10] : --- (default DENY)
Unrestricted Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2] : Grant (explicit)
Query Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.0] : Grant (inherited from Unrestricted Clinical Data)
Write Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.1] : Grant (inherited from Unrestricted Clinical Data)
Delete Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.2] : Grant (inherited from Unrestricted Clinical Data)
Read Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.3] : Grant (inherited from Unrestricted Clinical Data)
Export Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.4] : Grant (inherited from Unrestricted Clinical Data)
Elevate Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.5] : Grant (inherited from Unrestricted Clinical Data)
Unrestricted Metadata [1.3.6.1.4.1.33349.3.1.5.9.2.4] : --- (default DENY)
Read Metadata [1.3.6.1.4.1.33349.3.1.5.9.2.4.0] : Grant (explicit)
Read Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.1.2] : Grant (inherited from Read Metadata)
Query Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.1.3] : Grant (inherited from Read Metadata)
Read Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.2.2] : Grant (inherited from Read Metadata)
Query Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.0.2.3] : Grant (inherited from Read Metadata)
Write Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.1.0] : --- (default DENY)
Delete Materials [1.3.6.1.4.1.33349.3.1.5.9.2.4.1.1] : --- (default DENY)
Write Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.2.0] : --- (default DENY)
Delete Places & Orgs [1.3.6.1.4.1.33349.3.1.5.9.2.4.2.1] : --- (default DENY)
Unrestricted Data Warehouse [1.3.6.1.4.1.33349.3.1.5.9.2.5] : --- (default DENY)
Write Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.0] : --- (default DENY)
Delete Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.1] : --- (default DENY)
Read Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.2] : --- (default DENY)
Query Warehouse Data [1.3.6.1.4.1.33349.3.1.5.9.2.5.3] : --- (default DENY)
Unrestricted MDM [1.3.6.1.4.1.33349.3.1.5.9.2.6] : --- (default DENY)
Write MDM Master [1.3.6.1.4.1.33349.3.1.5.9.2.6.1] : --- (default DENY)
Read MDM Locals [1.3.6.1.4.1.33349.3.1.5.9.2.6.2] : --- (default DENY)
Merge MDM Master [1.3.6.1.4.1.33349.3.1.5.9.2.6.3] : --- (default DENY)
Special Security Elevation [1.3.6.1.4.1.33349.3.1.5.9.2.600] : Deny (explicit)
Change Security Challenge Question [1.3.6.1.4.1.33349.3.1.5.9.2.600.1] : Deny (inherited from Special Security Elevation)
Override Disclosure [1.3.6.1.4.1.33349.3.1.5.9.2.999] : Deny (explicit)
Restricted Information [1.3.6.1.4.1.33349.3.1.5.9.3] : --- (default DENY)
SUPER SECRET DISCLOSURE [2.25.3049340304933] : Grant (explicit)
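
An added example, not part of the SanteDB documentation or tooling: a Python parser for saved user.info output in the layout shown above, pulling out what an access review looks at first (lockout state, failed logins, explicit versus inherited grants, Elevate rules). The function names and the reading of a future Lockout timestamp as "locked" are assumptions.

```python
import re
from datetime import datetime, timezone

# Shortened sample in the user.info layout shown above (lines copied from that output).
SAMPLE = """\
Name: Allison
Invalid Logins: 2
Lockout: 9999-12-21T18:59:59.9999990-05:00
Effective Policies:
Create Application [1.3.6.1.4.1.33349.3.1.5.9.2.0.6] : Elevate (explicit)
Login [1.3.6.1.4.1.33349.3.1.5.9.2.1] : Grant (explicit)
OAUTH Login [1.3.6.1.4.1.33349.3.1.5.9.2.1.0.0] : --- (default DENY)
Unrestricted Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2] : Grant (explicit)
Export Clinical Data [1.3.6.1.4.1.33349.3.1.5.9.2.2.4] : Grant (inherited from Unrestricted Clinical Data)
SUPER SECRET DISCLOSURE [2.25.3049340304933] : Grant (explicit)
"""

POLICY = re.compile(r"^(?P<name>.+?) \[(?P<oid>[\d.]+)\] : (?P<rule>\S+) \((?P<why>.+)\)$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.*)$")

def parse_user_info(text):
    """Split user.info output into header fields and policy records."""
    fields, policies = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := POLICY.match(line):
            policies.append(m.groupdict())
        elif m := FIELD.match(line):
            fields[m["key"]] = m["value"]
    return fields, policies

def review(text, now=None):
    """Summarise the lockout state and the granting rules for one account."""
    fields, policies = parse_user_info(text)
    now = now or datetime.now(timezone.utc)
    grants = [p for p in policies if p["rule"] == "Grant"]
    # Trim the 7-digit fraction so datetime.fromisoformat accepts it on any Python 3.8+.
    stamp = re.sub(r"(\.\d{6})\d+", r"\1", fields.get("Lockout", ""))
    until = datetime.fromisoformat(stamp) if stamp else None
    return {
        "user": fields.get("Name"),
        "locked": bool(until and until > now),  # assumption: future Lockout means locked
        "invalid_logins": int(fields.get("Invalid Logins", 0)),
        "explicit_grants": [p["name"] for p in grants if p["why"] == "explicit"],
        "inherited_grants": [p["name"] for p in grants if p["why"].startswith("inherited from ")],
        "elevate": [p["name"] for p in policies if p["rule"] == "Elevate"],
    }

if __name__ == "__main__":
    print(review(SAMPLE))
```

Explicit grants are the entries to question in a review, since each inherited grant disappears when its parent rule is removed.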