Restricting user access to subsets of DICOM files

I am trying to think of ways to restrict user access to subsets of DICOM files depending on the REB/IRB users are associated with. Apart from the obvious solution of running multiple orthanc instances by creating distinct init.d service files is there something else I can do? Can storage be shared to avoid file duplication if two people have interest in the same file?

We tried to implement such a feature in OrthancToolsJS
https://github.com/salimkanoun/Orthanc-Tools-JS

It’s partly done but the projet is going for a pause, we will release the 0.7.0 version and then will wait for funding to continue.

Technically the idea is to make an application that will implement your logic and deal with orthanc.

Best regards,

Salim

I am wondering if one could use a LUA script for example to check the calling AE title to control access if using just one orthanc instance. The calling AE title would become a sort of password.

You can specify what are the permissions for each calling AET by tuning the “DicomModalities” configuration option:

https://hg.orthanc-server.com/orthanc/file/Orthanc-1.9.6/OrthancServer/Resources/Configuration.json#l306

Depending on your scenario, you could be interested in setting “DicomAlwaysAllowStore” to “false”.

Merci Sébastien.
I wanted something more granular and dynamic. I wanted to restrict access of different users to different and possibly overlapping subsets of studies. I wanted to avoid running multiple servers to achieve this aim and was thinking of ways to do this with one server possibly distinguishing users by AETs and intercepting associations. ¿C’est fou comme idée?

Hi Robert,

Pas si fou comme idée !

You can probably achieve that with some python scripting by filtering the results of C-Find commands and preventing C-Move commands based on the issuer AET:

https://book.orthanc-server.com/plugins/python.html#handling-dicom-scp-requests-new-in-3-2

HTH

Alain.