Dicom C-find or DicomWeb Qido-RS : filter returned results by users permissions


Let’s imagine a case with an higher-level application on the top of the REST API of one single instance of Orthanc in order to centralize all dicom instances in one single database in the cloud from different customers.

Is there a fine and tunable way users can use their workstations to access Dicom C-find or dicomWeb QIDO-RS with only their studies (user A does not have to see user’s B studies when he will do a C-Find search and in more complex case, user C can access his studies + A studies but not B studies for example)

I found a way by using IncomingFindRequestFilter in a lua script using InstitutionName tag but it only works for one value not the second case where users C can access results from A+C studies.

Does someone ca help me to achieve this purpose ?

Thanks you very much in advance.


For DICOMweb, I guess you could use the metadata “RemoteIP” or “RemoteAET” (that stores from which modality the DICOM instance was received) inside the “RegisterIncomingHttpRequestFilter()” (e.g. using a Python plugin for maximum flexibility):


For DICOM, you could use the same approach inside a custom C-FIND and C-MOVE SCP handler:




Thanks Sebastien for your answer!

I am afraid such metadatas (RemoteIP and RemoteAET) are not usable when studies are sent by the transfer plugin from an local hospital Orthanc to the central cloud Orthanc backend… Isn’t it?



Indeed, but you could install another script in the local hospital to set some custom metadata once a transfer is over (by monitoring the “orthanc.ChangeType.JOB_SUCCESS” event):


As you are visibly in an enterprise setup, you could also consider sponsoring Osimis to develop such an extension to the transfer plugin: