Maintaining Sun Master Indexes (Repository)

Defining Master Index Security (Repository)

Sun Master Index supports security at the user and function level and also supports Secure Sockets Layer (SSL) authentication. A secure user name and password must be defined for each master index application user to connect to the database and to log on to the Enterprise Data Manager (EDM). For each user account you define, you must specify one or more roles in order for that user to be able to perform any functions in the EDM.

In order for security roles to function correctly, authorization security must be enabled in the Enterprise Data Manager file. To enable security, set the enable-security element to “true”. By default, this element is set to “false” (the default is “true” for Sun Master Patient Index).

Security for master index applications running on the Sun Java System Application Server is configured using the Admin Console. You can also define security using a Lightweight Directory Access Protocol (LDAP) server, using the roles defined in Master Index User Roles (Repository).

To Create a Master Index User Account

  1. Log on to the Sun Java System Application Server Admin Console.

  2. In the left portion of the page, expand Configuration, expand Security, expand Realms, and then select File.

  3. On the Edit Realm page, select Manage Users.

  4. On the File Users page, select New.

  5. In the User ID field, enter a name for the user.

  6. In the Group List field, enter one or more of the user roles listed in Master Index User Roles (Repository), separating multiple groups with a comma.

  7. After you have added all required user roles, enter a password for the user in the New Password field.

  8. In the Confirm New Password field, enter the password again.

  9. Click OK.

Master Index User Roles (Repository)

At a minimum, each user must be assigned to the eView.Admin role, or must be assigned to the eView.User role and the role that provides access to the initial page as described below (the initial page can be configured in the Enterprise Data Manager file).

The user role names listed below are case-sensitive.

Table 1 User Roles and Descriptions

| User Role | Description |
| --- | --- |
| AL.View | Gives access permission to search for and view audit log entries, and to generate and print the search results report. |
| Duplicate.All | Gives access permission to all potential duplicate functions. |
| Duplicate.AutoResolve | Gives access permission to permanently resolve potential duplicate records. This permission also requires Duplicate.SearchAndView. |
| Duplicate.Print | Reserved for future functionality. |
| Duplicate.Resolve | Gives access permission to resolve potential duplicate records. This permission also requires Duplicate.SearchAndView. |
| Duplicate.SearchAndView | Gives access permission to search for and view potential duplicate records, and to view and print the potential duplicate search results report. |
| Duplicate.Unresolve | Gives access permission to unresolve potential duplicate records that were previously resolved. This permission also requires Duplicate.SearchAndView. |
| EO.All | Gives access permission to all enterprise object functions described below. |
| EO.Activate | Gives access permission to activate enterprise records. |
| EO.Create | Gives access permission to create new enterprise records. |
| EO.Compare | Gives access permission to compare enterprise records. |
| EO.Deactivate | Gives access permission to deactivate enterprise records. |
| EO.Edit | Gives access permission to modify the SBR in enterprise records. |
| EO.Merge | Gives access permission to merge enterprise records. |
| EO.OverwriteSBR | Gives access permission to modify the SBR and to lock SBR fields for overwrite. |
| EO.PrintComparison | Reserved for future functionality. |
| EO.PrintSBR | Reserved for future functionality. |
| EO.SearchAndViewSBR | Gives access permission to search for and view single best records, and to generate and print the search results report. This group must be assigned to each user except those assigned the eView.Admin group. |
| EO.Unmerge | Gives access permission to unmerge enterprise records. |
| EO.ViewMergeTree | Gives access permission to view a merge history of an enterprise object. |
| eView.Admin | Gives access permission to all functions of the Enterprise Data Manager. |
| eView.Reports | Gives access permission to generate and view reports. (Note that this is not required to print search results reports, which is granted by the individual search access permissions.) |
| eView.User | Gives access to the EDM. This group must be assigned to each user except those assigned the eView.Admin group. |
| eView.VIP | Gives permission to view fields masked by any custom masking logic specified by the Enterprise Data Manager file. |
| History.All | Gives access permission to all history functions described below. |
| History.Print | Reserved for future functionality. |
| History.SearchAndView | Gives access permission to search for and view the transaction history of enterprise records and to generate and print the search results report. |
| SO.All | Gives access permission to all system record functions described below. |
| SO.Add | Gives access permission to add system records. |
| SO.Edit | Gives access permission to modify system records. |
| SO.Merge | Gives access permission to merge system records. |
| SO.Print | Reserved for future functionality. |
| SO.Remove | Gives access permission to delete system records. |
| SO.Unmerge | Gives access permission to unmerge system records. |
| SO.View | Gives access permission to view system records. |
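
The role rules above (case-sensitive names, the minimum roles for non-administrators, and the Duplicate.SearchAndView prerequisite) can be checked before a value is typed into the Group List field. The following Python script is an added example, not part of the original documentation or the product; the function name `audit_group_list` is hypothetical, the sample accounts are constructed, and it assumes that Duplicate.All also satisfies the Duplicate.SearchAndView prerequisite.

```python
# Added example: audit one Group List value against the rules in Table 1.
# Role names are copied from the table; matching is case-sensitive.
ROLES = set("""
AL.View Duplicate.All Duplicate.AutoResolve Duplicate.Print Duplicate.Resolve
Duplicate.SearchAndView Duplicate.Unresolve EO.All EO.Activate EO.Create
EO.Compare EO.Deactivate EO.Edit EO.Merge EO.OverwriteSBR EO.PrintComparison
EO.PrintSBR EO.SearchAndViewSBR EO.Unmerge EO.ViewMergeTree eView.Admin
eView.Reports eView.User eView.VIP History.All History.Print
History.SearchAndView SO.All SO.Add SO.Edit SO.Merge SO.Print SO.Remove
SO.Unmerge SO.View
""".split())
RESERVED = {"Duplicate.Print", "EO.PrintComparison", "EO.PrintSBR",
            "History.Print", "SO.Print"}
NEEDS_DUP_VIEW = {"Duplicate.AutoResolve", "Duplicate.Resolve",
                  "Duplicate.Unresolve"}
REQUIRED_NON_ADMIN = ("eView.User", "EO.SearchAndViewSBR")
BY_LOWER = {r.lower(): r for r in ROLES}


def audit_group_list(group_list):
    """Return sorted findings for a comma-separated Group List value."""
    groups = [g.strip() for g in group_list.split(",") if g.strip()]
    findings = []
    for g in groups:
        if g not in ROLES:
            fix = BY_LOWER.get(g.lower())
            findings.append(f"case mismatch: {g} should be {fix}" if fix
                            else f"unknown role: {g}")
    held = set(groups) & ROLES
    findings += [f"reserved for future functionality: {r}"
                 for r in held & RESERVED]
    if "eView.Admin" not in held:  # eView.Admin grants all EDM functions
        findings += [f"missing required role: {r}"
                     for r in REQUIRED_NON_ADMIN if r not in held]
        # Assumption: Duplicate.All also satisfies the SearchAndView requirement.
        if not held & {"Duplicate.All", "Duplicate.SearchAndView"}:
            findings += [f"{r} requires Duplicate.SearchAndView"
                         for r in held & NEEDS_DUP_VIEW]
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample accounts, not taken from any real realm.
    for user, groups in [("admin1", "eView.Admin"),
                         ("clerk1", "eview.user, EO.SearchAndViewSBR"),
                         ("clerk2", "eView.User,EO.SearchAndViewSBR,Duplicate.Resolve")]:
        print(user, audit_group_list(groups) or "OK")
```

A mis-cased name such as `eview.user` is reported twice on purpose: once as a case mismatch and once as the missing required role, because the role is not actually held.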