gnumed-devel

Re: [Gnumed-devel] To Infinity and Beyond


From: Karsten Hilbert
Subject: Re: [Gnumed-devel] To Infinity and Beyond
Date: Sat, 8 Nov 2003 20:46:07 +0100
User-agent: Mutt/1.3.22.1i

> a.  On the server side, we need to create actual "nurse" or
> "medical_assistant", or "doctor" or "front_office" database
No. No need to create databases for the various roles. But I
guess you meant database *accounts*, right?  Yes, those need
to be created. The status here is that security management
isn't particularly well thought out yet. Currently we are
putting database user accounts into groups and assigning
PostgreSQL permissions to those groups. This is table-level
access control and probably too coarse. Actually, granularity
would have to be at the item level (per-row, roughly). We sort
of have a handle on that by allowing to encrypt text data with
arbitrary keys in-place.

However, one needs to keep in mind that the target sites for
GnuMed are smaller to medium-sized GP practices where nearly
everyone has the same access rights apart from a few sensitive
items per patient. Thusly, we can get around being too anal
about role-based tight security in a way. HIPAA runs counter
to that, of course.

The bootstrap files and gmTestAccounts.sql taken together
should provide an overview of how setting up users is
currently envisaged.

> and maybe even
> system accounts?
Not that I know. It may become useful one day when we are
running cron scripts on the server for maintenance/monitoring.
One such script would be the cross-database foreign key
reference validator.

> b.  We need to run some server bootstrap script. Like maybe archive.conf ?
If you want to setup your own backend. Start with
monolithic_core.conf and follow up with some bootstrap-XX.conf
where XX denotes the ISO country code (DE and AU so far).

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346
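
[Added example, not part of the original message and not GnuMed code.] The message contrasts group-based, table-level permissions with the per-row granularity that a few sensitive items per patient would need. The sketch below shows both in PostgreSQL, using row-level security (available from PostgreSQL 9.5) rather than the in-place encryption the message mentions. Every role, table and column name is hypothetical.

```sql
-- Added illustration; all names are hypothetical, not GnuMed's schema.

-- Group roles carry the permissions; login accounts are only members.
CREATE ROLE gm_doctor NOLOGIN;
CREATE ROLE gm_front_office NOLOGIN;
CREATE ROLE alice LOGIN IN ROLE gm_doctor;
CREATE ROLE bob   LOGIN IN ROLE gm_front_office;

CREATE TABLE clin_note (
    pk         serial  PRIMARY KEY,
    fk_patient integer NOT NULL,
    narrative  text    NOT NULL,
    sensitive  boolean NOT NULL DEFAULT false,
    author     name    NOT NULL DEFAULT current_user
);

-- Table-level control: the coarse layer. Anyone in a group sees
-- every row of the table the group was granted.
REVOKE ALL ON clin_note FROM PUBLIC;
GRANT SELECT, INSERT, UPDATE ON clin_note TO gm_doctor;
GRANT SELECT ON clin_note TO gm_front_office;
GRANT USAGE ON SEQUENCE clin_note_pk_seq TO gm_doctor;

-- Row-level control: the fine layer. Once enabled, rows not matched
-- by a policy are invisible. The table owner, superusers and roles
-- with BYPASSRLS are exempt unless FORCE ROW LEVEL SECURITY is set.
ALTER TABLE clin_note ENABLE ROW LEVEL SECURITY;

-- Everyone with SELECT sees ordinary notes; a sensitive note is
-- visible only to the account that wrote it.
CREATE POLICY note_read ON clin_note
    FOR SELECT
    USING (NOT sensitive OR author = current_user);

-- Doctors may add and change only notes recorded under their own name.
CREATE POLICY note_insert ON clin_note
    FOR INSERT TO gm_doctor
    WITH CHECK (author = current_user);

CREATE POLICY note_update ON clin_note
    FOR UPDATE TO gm_doctor
    USING (author = current_user)
    WITH CHECK (author = current_user);
```

Connected as bob, a `SELECT` on `clin_note` returns only rows where `sensitive` is false, even though the table-level grant alone would have exposed all of them.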



