Group

A group is an entity containing users and is attached to a specific profile. A group contains a set of parameters such as Display Protocols in CARESTREAM PACS Client or specific security settings, etc.

Profile

A profile describes the functions a user has after logging in to the CARESTREAM PACS Client. A profile contains a list of features (similar to licensing). Sites cannot edit the contents of a profile. One group can only belong to one profile. However, several different groups can belong to the same profile.

For example: Group A belongs to one specific profile (Profile A). Group B also belongs to one specific profile (Profile A). Users of both groups have the same set of basic features (and user interface) when they log on to the system. However, each group has its own set of permissions.

A feature is a licensed permission, is not configurable, and represents a function in the system.

Permissions

The permissions to perform certain operations or view certain data are controlled by the Security Manager and managed by the UM. Permissions are attached by default to a specific group. Permissions can also be configured on a user level. Each group has a specific set of permissions with a 1:1 ratio (one set of permissions is available for one group and vice versa).

The same theory applies to users. For example, a user belonging to a group automatically inherits the group’s permissions. If a specific permission is added or removed from the user, the user has a specific set of permissions.

You can configure permissions on a system, group, or user level. Each level overrides the preceding level.

Certain permissions are dependent upon features. If a user does not have the feature in the profile to which the user is attached, the permission is not available to the user.

The permissions mechanism must read the profile content and allow configuring permissions for the relevant features in the profile and changing the permissions. Features that are not in a specific profile do not appear in the User Management at all.

Permissions and Profiles

Certain features of the system are included as part of the profile definition and require permission controls. The permissions mechanism allows configuring or changing permissions for the relevant features in the profile. Features that are not in a specific profile do not appear in the Security Manager. Most sites have more than one profile, so the permissions mechanism must be able to read the profile that is relevant for a specific user or group.