/usr/share/doc/gnumed/user-manual/Gnumed/GmManualManagingUsers.html is in gnumed-doc 1.4.6+dfsg-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US">
<head>
<title> GmManualManagingUsers < Gnumed < Foswiki</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="robots" content="noindex" /> <link rel="alternate" type="application/rss+xml" title="RSS Feed" href="WebRss.html" />
<link rel="icon" href="../rsrc/System/ProjectLogos/favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="../rsrc/System/ProjectLogos/favicon.ico" type="image/x-icon" />
<link rel="alternate" href="http://wiki.gnumed.de/bin/edit/Gnumed/GmManualManagingUsers?t=1391005512" type="application/x-wiki" title="edit GmManualManagingUsers" />
<meta name="description" content="GmManualManagingUsers" />
<!--[if IE]></base><![endif]-->
<style type="text/css" media="all">
@import url('../rsrc/System/SkinTemplates/base.css');
</style>
<style type="text/css" media="all">
@import url('../rsrc/System/SkinTemplates/default.css');
</style>
<!--[if IE]><style type="text/css" media="screen">
pre {
overflow-x:auto;
padding-bottom:expression(this.scrollWidth > this.offsetWidth ? 16 : 0);
}
</style>
<![endif]-->
<meta name="foswiki.PUBURL" content="http://wiki.gnumed.de/pub" /> <!-- PUBURL -->
<meta name="foswiki.PUBURLPATH" content="/pub" /> <!-- PUBURLPATH -->
<meta name="foswiki.SCRIPTSUFFIX" content="" /> <!-- SCRIPTSUFFIX -->
<meta name="foswiki.SCRIPTURL" content="http://wiki.gnumed.de/bin" /> <!-- SCRIPTURL -->
<meta name="foswiki.SCRIPTURLPATH" content="/bin" /> <!-- SCRIPTURLPATH -->
<meta name="foswiki.SERVERTIME" content="29%20Jan%202014%20-%2015:25" /> <!-- SERVERTIME -->
<meta name="foswiki.SKIN" content="twikinet%2c%20pattern" /> <!-- SKIN -->
<meta name="foswiki.SYSTEMWEB" content="System" /> <!-- SYSTEMWEB -->
<meta name="foswiki.TOPIC" content="GmManualManagingUsers" /> <!-- TOPIC -->
<meta name="foswiki.USERNAME" content="KarstenHilbert" /> <!-- USERNAME -->
<meta name="foswiki.USERSWEB" content="Main" /> <!-- USERSWEB -->
<meta name="foswiki.WEB" content="Gnumed" /> <!-- WEB -->
<meta name="foswiki.WIKINAME" content="KarstenHilbert" /> <!-- WIKINAME -->
<meta name="foswiki.WIKIUSERNAME" content="Main.KarstenHilbert" /> <!-- WIKIUSERNAME -->
<meta name="foswiki.NAMEFILTER" content="%5b%5cs%5c*%3f~%5e%5c%24%40%25%60%22'%26%3b%7c%3c%3e%5c%5b%5c%5d%23%5cx00-%5cx1f%5d" /> <!-- NAMEFILTER --><!--JQUERYPLUGIN::FOSWIKI::META-->
<script type='text/javascript' src='../rsrc/System/JQueryPlugin/jquery-1.4.3.js'></script><!--JQUERYPLUGIN-->
<script type='text/javascript' src='../rsrc/System/JQueryPlugin/plugins/livequery/jquery.livequery.js'></script><!--JQUERYPLUGIN::LIVEQUERY-->
<script type='text/javascript' src='../rsrc/System/JQueryPlugin/plugins/foswiki/jquery.foswiki.js'></script><!--JQUERYPLUGIN::FOSWIKI-->
<script type='text/javascript' src='../rsrc/System/JSTreeContrib/jquery.jstree.js'></script><!--JQUERYPLUGIN::JSTREE-->
</head>
<body class=""><div class="foswikiPage">
<a name="PageTop"></a>
<p></p>
<p></p>
<h1><a name="Managing_GNUmed_Users"></a> Managing GNUmed Users </h1>
<p></p>
This topic follows on the more general topic, <a href="GmManualAccountManagement.html">GmManualAccountManagement</a>.
<p></p>
<a name="foswikiTOC"></a><div class="foswikiToc"> <ul>
<li> <a href="#Concepts"> Concepts </a>
</li> <li> <a href="#Adding_GNUmed_users"> Adding GNUmed users </a>
</li> <li> <a href="#Editing_users_and_resetting_forgotten_passwords"> Editing users and resetting forgotten passwords </a>
</li> <li> <a href="#Additional_background_about_Postgres"> Additional background about Postgres </a>
</li></ul>
</div>
<p></p>
<h2><a name="Concepts"></a> Concepts </h2>
<p></p>
<strong><em>A person is a person is a person</em></strong>
<p></p>
Any person GNUmed is to know about must have an entry in the demographics database. There is no difference whether it is staff, a patient, or a contact.
<p></p>
<strong>GNUmed User</strong>
<p></p>
A (GNUmed level) account needed to use the GNUmed user interface. Equivalent to a <em>"staff member"</em> or <em>"provider"</em>.
<p></p>
<strong>Database User</strong>
<p></p>
A (PostgreSQL level) account needed to access the tables in the GNUmed database. Database users belong to database groups which in turn define their access rights.
<p></p>
<strong>Database Group</strong>
<p></p>
A group of users in the database. Membership in database groups defines the access rights for a database user. Most database groups are equivalent to <em>care teams</em>. There are some special purpose database groups, however.
<p></p>
<strong>Care Team</strong>
<p></p>
In the database, access to patient data is granted to database groups. Currently (as of January 2010) GNUmed uses only one care team named <em>gm-doctors</em> for all patients. In later versions GNUmed will introduce fine-grained access control for arbitrarily defined care teams.
<p></p>
<strong>Accountability</strong>
<p></p>
Any change to the data is tracked in the database. It will record the database user that was used for the change along with the date and time of the change. To ensure proper identification of the staff member, database accounts (other than gm-dbo) are created on a purely one-to-one basis with an associated GNUmed user. Successful login to the GNUmed software is only possible for valid database username / password combinations which have already associated-with them a GNUmed staff.
<p></p>
<h2><a name="Adding_GNUmed_users"></a> Adding GNUmed users </h2>
<p></p>
To add a new staff member to the GNUmed system the following steps must be taken:
<p></p> <ol>
<li> add a new person to the demographics database <ul>
<li> from the main menu select <em>GNUmed</em> / <em>Users</em> / <em>Add user</em>
</li> <li> complete the wizard
</li> <li> the new person will now be the active "patient"
</li></ul>
</li> <li> enlist the activated patient as a staff member <ul>
<li> the <em>Add user</em> dialog will appear
</li> <li> complete the dialog
</li></ul>
</li></ol>
<p></p>
To register an existing person as staff:
<p></p> <ol>
<li> search for that person and make it the active patient
</li> <li> go to <em>Person</em> / <em>Enlist as user</em> and complete the dialog
</li></ol>
<p></p>
To logon as the new staff member exit GNUmed and enter the database account associated with the new staff member into the login GUI.
<p></p>
<em>Note: Presently, users created under the role 'nurse' for example 'Dr RN Chapel (Christine)' cannot login, because the role and associated database account have not yet been assigned functionality.</em>
<p></p>
<h2><a name="Editing_users_and_resetting_forgotten_passwords"></a> Editing users and resetting forgotten passwords </h2>
<p></p>
Deactivated users will display in blue and, while inactivated, will be unable to login. A display in red means GNUmed detected a problem with the user's setup (as can be a remnant of the original installation process), correctable by Activating the user.
<p></p>
Passwords will have been stored, by result of gm.create_user() function, as a This can only be done outside of GNUmed itself using, for example, the <code>psql</code> application.
<p></p>
As root, navigate to the directory containing <code>psql</code> (or ensure it is in your $PATH) and issue a command like follows, targeting the version of the database whose user account is to be modified:
<p></p>
<pre>
$> psql -d gnumed_v16 -U gm-dbo
gnumed_v16=> set default_transaction_read_only to off;
gnumed_v16=> ALTER USER "any-doc" WITH ENCRYPTED PASSWORD 'any-doc2';
gnumed_v16=> \q
$>
</pre>
<p></p>
Note the style of quoting above is important, otherwise PostgreSQL will try to subtract "doc" from "any" which won't work.
<p></p>
<h2><a name="Additional_background_about_Postgres"></a> Additional background about Postgres </h2>
<p></p>
Databases are like books, while schemata are like chapters, and tables are pages. A cluster, on the other hand, is like a shelf of books.
<p></p>
At the postgres level there exist database accounts which get granted access rights for certain databases, tables, schemata, functions,
etc regardless of any one or multiple applications which may like to make use of such accounts
<p></p>
<pre>
- any-doc
- gm-dbo
- ...
</pre>
<p></p>
two of which cannot carry the same name within a single PostgreSQL cluster, and it will depend on what rights have been granted in pg_hba.conf which databases/tables any account can actually access.
<p></p>
What <strong>applications</strong> like GNUmed or LSMB <strong>associate</strong> with such accounts PostgreSQL careth not.
<p></p>
A GNUmed level staff account consists of three distinct parts:
<p></p> <ol>
<li> a GNUmed person (dem.identity)
</li> <li> a GNUmed staff member (dem.staff) linked to the GNUmed person
</li> <li> a PostgreSQL account associated with the GNUmed staff member
</li></ol>
<p></p>
<a name="TopicEnd"></a>
<p></p>
<p></p>
<p></p>
<p></p>
</div>
</body></html>
|