1 Create and manage user accounts and user groups

In this chapter you will learn how to:

Configure user accounts

User accounts can be created in three ways:

Through Oracle Access Manager (OAM)

In Oracle Access Manager (OAM). If OAM is configured, the user can set his/ her credentials:

  • The user can log into the OHTR application by using the single sign-on interface which is shared among multiple applications.

    For example, with an Oracle Business Intelligence Enterprise Edition Plus (OBIEE) full license, the same credentials can be used for generating OBIEE reports.

  • The user creates the password, which is not visible to an administrator.

  • After a configurable number of unsuccessful login attempts, the user is locked out.

  • After a configurable amount of inactive time, the login session times out.

Note:

Roles are automatically setup as described in Manage roles and permissions.

Through a WebLogic instance

If OAM is not configured, the identified roles must be manually set up in a WebLogic instance. For more information, see Create Users and Add Users to Groups in the Oracle® Fusion Middleware Oracle WebLogic Server Administration Console Online Help available at

https://docs.oracle.com/middleware/1221/wls/WLACH/taskhelp/security/ManageUsersAndGroups.html

Through the Oracle Database

For users who want to access the backend database of OHTR, the COHORTDATAMARTUSER role is granted, giving data access only through views, not tables and preventing PII access except through explicit assignments.

Set up the logging level for Cohort Explorer

To set the logging level of TRC modules for tracking users and activities within the application:

  1. Execute wlst.sh (or wlst.cmd) in MW_HOME/oracle_common/common/bin, where

    MW_HOME is the home directory of Oracle Middleware.

  2. Connect to the WebLogic server.

    connect('username','password','t3://hostname:port_number')

  3. Run in domainRuntime tree, which is required for WLST logging commands.

    domainRuntime()

  4. Set the logging level of oracle.hsgbu.trc with the following command:

    setLogLevel(target='SERVER_NAME', logger='oracle.hsgbu.trc', level='INFO', addLogger=1)

    Where SERVER_NAME is the name of the target server where TrcApp is deployed.

  5. Run the following command to verify the logging level:

    getLogLevel(target='SERVER_NAME', logger='oracle.hsgbu.trc') The following should be displayed: NOTIFICATION:1

    You can update the level to the desired WebLogic logging severity levels mentioned here: https://docs.oracle.com/middleware/12213/wls/WLLOG/logging_services.htm#WLLOG116

This log will be available at the following location <MW_HOME>/user_projects/domains/oh_domain/servers/<managed_server_name>/logs

File name of the log file will be: <managed_server_name>-diagnostic.log

Manage roles and permissions

The OHTR user is assigned one or more of the following roles:

Note:

Users belonging only to the following groups have limited functionality based on the assigned roles:

  • trc-comics-limited-user-group

  • trc-limited-user-group

  • trc-basic-user-group

Role Permissions Accessible Screens
trc-bioinformatician-group
  • Can download files that have a link stored in Oracle Healthcare Omics (OHO, formerly known as ODB) and can be located in the middle tier in an accessible location.

  • Cannot build new reports or modify the content of existing reports.
  • Cohort Query Tab

  • Cohort Query Tab: Genomic Data (tab in accordion)

  • Query Tab: Relative Time Events: gene variant (radio button)

  • Cohort Viewer (top tab)

  • Cohort Viewer: Cohort List

  • Cohort Viewer: Cohort Timeline

  • Cohort Reports

  • Cohort Viewer: Genomic Data Export

  • Single Patient Viewer: View Record

  • Single Patient Viewer: View Record: Genomic Data Collected

  • Circular Genomic Viewer (Visquick)

  • Genomic Query

  • Genomic Query: Columns after searching for gene/variant coming from CDM (Patient Count, Specimen Anatomical Site columns)

  • My Workspace: My Recent Queries

  • My Cohort Lists

  • Queries or Lists shared with me

  • Queries or Lists shared with All

  • My Queries

  • Gene Sets

  • Manage Gene Sets

  • Jobs
trc-cohort-group
  • Can query any data from CDM but cannot query OHO directly.

  • Can export the clinical data in a supported format and view the Dashboard.

  • Cannot build new reports or modify the content of existing reports.
  • Cohort Query Tab

  • Cohort Query Tab: Relative Time Events: gene variant (radio button)

  • Cohort Viewer (top tab)

  • Cohort Viewer: Cohort List

  • Cohort Viewer: Cohort Timeline

  • Single Patient Viewer: View Record

  • My Workspace: My Recent Queries

  • Short Cuts

  • My Cohort Lists

  • Queries or Lists shared with me

  • Queries or Lists shared with All

  • My Queries
trc-limited-user-group
  • Can view the patient count on the Query Patients page

  • Cannot build new reports or modify the content of existing reports.
  • Cohort Query Tab (Save Query button is not accessible)

  • My Workspace: My Recent Queries
trc-omics-group
  • Can query and read data from OHO

  • Can export omics data in file formats readable by genome viewers. For example, VCF, SEG, RES formats for IGV.

  • Cannot build new reports or modify the content of existing reports.
  • Genomic Query

  • My Workspace: My Recent Queries

  • Short Cuts

  • Gene Sets

  • Jobs
trc-comics-limited-user-group
  • Can query data from CDM and OHO using Query Patients interface

  • Can only access Patient Genomic Data export within the Patient Viewer interface

  • Can create Gene Sets

  • Can view queries and gene sets
  • Cohort Query Tab

  • Cohort Query Tab: Genomic Data (tab in accordion)

  • Query Tab: Relative Time Events: gene variant (radio button)

  • Cohort Viewer (top tab)

  • Cohort Viewer: Genomic Data Export

  • My Workspace: My Recent Queries

  • Gene Sets

  • Jobs
trc-pi-user-group
  • Has specific privileges allowing access to identifiable information on patients or subjects

  • In Subject context, can view merged version of Patient and Subject clinical data all in one View Record page.
  • View personally identifiable (PI) information on the Cohort List page.

  • View PI data in Single Patient or Subject Viewer, View Record page.

  • Cohort Query Tab

  • Cohort Query Tab: Genomic Data (tab in accordion)

  • Query Tab: Relative Time Events: gene variant (radio button)

  • Cohort Viewer (top tab)

  • Cohort Viewer: Cohort List

  • Cohort List (PI attributes)

  • Cohort Viewer: Cohort Timeline

  • Cohort Reports

  • Cohort Viewer: Genomic Data Export

  • Single Patient Viewer: View Record

  • Single Patient Viewer: View Record (PI attributes)

  • Single Subject Viewer: View Record (PI attributes)

  • Single Subject Viewer: View Record (show patient data together)

  • Single Patient Viewer: View Record: Genomic Data Collected

  • Circular Genomic Viewer (Visquick)

  • Genomic Query

  • Genomic Query: Columns after searching for gene/variant coming from CDM (Patient Count, Specimen Anatomical Site columns)

  • My Workspace: My Recent Queries

  • Short Cuts

  • My Cohort Lists

  • Queries or Lists shared with me

  • Queries or Lists shared with All

  • My Queries

  • Gene Sets

  • Saved Queries

  • Jobs
trc-admin-group
  • Can create user accounts and user groups for sharing cohort queries or lists

  • Can add or remove users from groups

  • Can manage user roles

 Manage User Group

Administrate user groups

Administrating user groups can be done directly from the OHTR UI.

To simplify sharing, create user groups and assign users to them. Instead of sharing queries or lists with each user individually, set up a list of users to share multiple items to multiple users at the same time.

Note:

For more details on how to create, edit or delete user groups in the UI, check the Oracle Healthcare Translational Research User's Guide, on the Oracle Help Center.

Set limits for exporting variants

In OHTR, in the Single Patient Viewer screen, users can only export variants separately, instead of doing it for all phenotypes at once.

If the number of variants that they want to export is less or equal than the pre-configured limit of 50000, then all variants for the selected node are exported. If the number of variants that they want to export exceeds that limit, variants are then exported only for the selected chromosome within the node.

In some cases, that limit can be modified from the database. To change the limit:

  1. Log in the OHF/ OHTR database using the Enterprise (ENT) schema user or as an admin user.

  2. Find the current value of the Variant Export limit using this query:

    Select value from W_EHA_CONFIG_PARAMETER where name ='variant_export';

  3. Update the variant export limit with a different value, using this query:

    Update W_EHA_CONFIG_PARAMETER set value=<new_variant_export_limit> where name='variant_export';

    Instead of <new_variant_export_limit> add the new limit for exporting variants.

  4. Check with the user who wants to export variants to see if everything works.