Defining Master Index Security (Repository)

Oracle Java CAPS Master Index supports security at the user and function level and also supports Secure Sockets Layer (SSL) authentication. A secure user name and password must be defined for each master index application user to connect to the database and to log on to the Enterprise Data Manager (EDM). For each user account you define, you must specify one or more roles in order for that user to be able to perform any functions in the EDM.

In order for security roles to function correctly, authorization security must be enabled in the Enterprise Data Manager file. To enable security, set the enable-security element to “true”. By default, this element is set to “false” (the default is “true” for Oracle Java CAPS Master Patient Index).

Security for master index applications running on the GlassFish Application Server is configured using the Admin Console. You can also define security using a Lightweight Directory Access Protocol (LDAP) server, using the roles defined in Master Index User Roles (Repository).

To Create a Master Index User Account

Log on to the GlassFish Application Server Admin Console.
In the left portion of the page, expand Configuration, expand Security, expand Realms, and then select File.
On the Edit Realm page, select Manage Users.
On the File Users page, select New.
In the User ID field, enter a name for the user.
In the Group List field, enter one or more of the user roles listed in Master Index User Roles (Repository), separating multiple groups with a comma.
After you have added all required user roles, enter a password for the user in the New Password field.
In the Confirm New Password field, enter the password again.
Click OK.

Master Index User Roles (Repository)

At a minimum, each user must be assigned to the eView.Admin role, or must be assigned to the eView.User role and the role that provides access to the initial page as described below (the initial page can be configured in the Enterprise Data Manager file).

If the Search page is the initial page, then users must be assigned to the EO.SearchAndViewSBR role.
If the Matching Review page is the initial page, then users must be assigned to the Duplicate.SearchAndView role.
If the History page is the initial page, then users must be assigned to the History.SearchAndView role.
If the Create EO page is the initial page, then users must be assigned to the EO.Create role.
If the Reports page is the initial page, then users must be assigned to the eView.Reports role.

The user role names listed below are case-sensitive.

Table 1 User Roles and Descriptions

User Role	Description
AL.View	Gives access permission to search for and view audit log entries, and to generate and print the search results report.
Duplicate.All	Gives access permission to all potential duplicate functions.
Duplicate.AutoResolve	Gives access permission to permanently resolve potential duplicate records. This permission also requires Duplicate.SearchAndView.
Duplicate.Print	Reserved for future functionality.
Duplicate.Resolve	Gives access permission to resolve potential duplicate records. This permission also requires Duplicate.SearchAndView.
Duplicate.SearchAndView	Gives access permission to search for and view potential duplicate records, and to view and print the potential duplicate search results report.
Duplicate.Unresolve	Gives access permission to unresolve potential duplicate records that were previously resolved. This permission also requires Duplicate.SearchAndView.
EO.All	Gives access permission to all enterprise object functions described below.
EO.Activate	Gives access permission to activate enterprise records.
EO.Create	Gives access permission to create new enterprise records.
EO.Compare	Gives access permission to compare enterprise records.
EO.Deactivate	Gives access permission to deactivate enterprise records.
EO.Edit	Gives access permission to modify the SBR in enterprise records.
EO.Merge	Gives access permission to merge enterprise records.
EO.OverwriteSBR	Gives access permission to modify the SBR and to lock SBR fields for overwrite.
EO.PrintComparison	Reserved for future functionality.
EO.PrintSBR	Reserved for future functionality.
EO.SearchAndViewSBR	Gives access permission to search for and view single best records, and to generate and print the search results report. This group must be assigned to each user except those assigned the eView.Admin group.
EO.Unmerge	Gives access permission to unmerge enterprise records.
EO.ViewMergeTree	Gives access permission to view a merge history of an enterprise object.
eView.Admin	Gives access permission to all functions of the Enterprise Data Manager.
eView.Reports	Gives access permission to generate and view reports. (Note that this is not required to print search results reports, which is granted by the individual search access permissions.)
eView.User	Gives access to the EDM. This group must be assigned to each user except those assigned the eView.Admin group.
eView.VIP	Gives permission to view fields masked by any custom masking logic specified by the Enterprise Data Manager file.
History.All	Gives access permission to all history functions described below.
History.Print	Reserved for future functionality.
History.SearchAndView	Gives access permission to search for and view the transaction history of enterprise records and to generate and print the search results report.
SO.All	Gives access permission to all system record functions described below.
SO.Add	Gives access permission to add system records.
SO.Edit	Gives access permission to modify system records.
SO.Merge	Gives access permission to merge system records.
SO.Print	Reserved for future functionality.
SO.Remove	Gives access permission to delete system records.
SO.Unmerge	Gives access permission to unmerge system records.
SO.View	Gives access permission to view system records.

Skip Navigation Links
Exit Print View
	Maintaining Oracle Java CAPS Master Indexes (Repository) Java CAPS Documentation