We want to configure Orthanc as a multi-tenant system where a single Orthanc instance serves multiple users. Each user should only have access to their own studies and uploaded data after logging in.
Expected Behavior:
- A shared Orthanc server should be used by multiple users.
- Users should only see their own uploaded studies and associated data.
- Access to data should be restricted based on user authentication.
- API calls (e.g., `GET /studies`) should also enforce user-based restrictions and return only the studies associated with the authenticated user.
Investigation & Considerations:
- Orthanc provides a labeling mechanism to segregate studies, but we need to explore how to implement it for user-based access control.
- Need to determine the limitations of the labeling feature (e.g., performance, security concerns, scalability).
- Explore possible automation for assigning labels upon upload and enforcing access restrictions dynamically.
- Verify if API calls can be restricted based on labels (e.g., `GET /studies` should return only studies belonging to the requesting user).
- Check if Orthanc plugins or external tools (e.g., PostgreSQL backend, Lua scripts, or Orthanc’s REST API) can help achieve this.