Managing GNUmed Users
This topic follows on the more general topic,
GmManualAccountManagement.
Concepts
A person is a person is a person
Any person GNUmed is to know about must have an entry in the demographics database. There is no difference whether it is staff, a patient, or a contact.
GNUmed User
A (GNUmed level) account needed to use the GNUmed user interface. Equivalent to a
"staff member" or
"provider".
Database User
A (PostgreSQL level) account needed to access the tables in the GNUmed database. Database users belong to database groups which in turn define their access rights.
Database Group
A group of users in the database. Membership in database groups defines the access rights for a database user. Most database groups are equivalent to
care teams. There are some special purpose database groups, however.
Care Team
In the database, access to patient data is granted to database groups. Currently (as of January 2010) GNUmed uses only one care team named
gm-doctors for all patients. In later versions GNUmed will introduce fine-grained access control for arbitrarily defined care teams.
Accountability
Any change to the data is tracked in the database. It will record the database user that was used for the change along with the date and time of the change. To ensure proper identification of the staff member, database accounts (other than gm-dbo) are created on a purely one-to-one basis with an associated GNUmed user. Successful login to the GNUmed software is only possible for valid database username / password combinations which have already associated-with them a GNUmed staff.
Adding GNUmed users
To add a new staff member to the GNUmed system the following steps must be taken:
- add a new person to the demographics database
- from the main menu select GNUmed / Users / Add user
- complete the wizard
- the new person will now be the active "patient"
- enlist the activated patient as a staff member
- the Add user dialog will appear
- complete the dialog
To register an existing person as staff:
- search for that person and make it the active patient
- go to Person / Enlist as user and complete the dialog
To logon as the new staff member exit GNUmed and enter the database account associated with the new staff member into the login GUI.
Note: Presently, users created under the role 'nurse' for example 'Dr RN Chapel (Christine)' cannot login, because the role and associated database account have not yet been assigned functionality.
Editing users and resetting forgotten passwords
Deactivated users will display in blue and, while inactivated, will be unable to login. A display in red means GNUmed detected a problem with the user's setup (as can be a remnant of the original installation process), correctable by Activating the user.
Passwords will have been stored, by result of gm.create_user() function, as a This can only be done outside of GNUmed itself using, for example, the
psql
application.
As root, navigate to the directory containing
psql
(or ensure it is in your $PATH) and issue a command like follows, targeting the version of the database whose user account is to be modified:
$> psql -d gnumed_v16 -U gm-dbo
gnumed_v16=> set default_transaction_read_only to off;
gnumed_v16=> ALTER USER "any-doc" WITH ENCRYPTED PASSWORD 'any-doc2';
gnumed_v16=> \q
$>
Note the style of quoting above is important, otherwise PostgreSQL will try to subtract "doc" from "any" which won't work.
Additional background about Postgres
Databases are like books, while schemata are like chapters, and tables are pages. A cluster, on the other hand, is like a shelf of books.
At the postgres level there exist database accounts which get granted access rights for certain databases, tables, schemata, functions,
etc regardless of any one or multiple applications which may like to make use of such accounts
- any-doc
- gm-dbo
- ...
two of which cannot carry the same name within a single PostgreSQL cluster, and it will depend on what rights have been granted in pg_hba.conf which databases/tables any account can actually access.
What
applications like GNUmed or LSMB
associate with such accounts PostgreSQL careth not.
A GNUmed level staff account consists of three distinct parts:
- a GNUmed person (dem.identity)
- a GNUmed staff member (dem.staff) linked to the GNUmed person
- a PostgreSQL account associated with the GNUmed staff member