/usr/share/doc/gnumed/user-manual/GmManualManagingUsers.html is in gnumed-doc 1.1.7-1.

This file is owned by root:root, with mode 0o644.

<h1><a name="Managing_GNUmed_Users"></a>  Managing GNUmed Users </h1>
<p />
This topic follows on from the more general topic, <a href="GmManualAccountManagement.html" class="twikiLink">GmManualAccountManagement</a>.
<p />
<div class="twikiToc"> <ul>
<li> <a href="#Concepts"> Concepts</a>
</li> <li> <a href="#Adding_GNUmed_users"> Adding GNUmed users</a>
</li> <li> <a href="#Editing_users_and_resetting_forg"> Editing users and resetting forgotten passwords</a>
</li> <li> <a href="#Additional_background_about_Post"> Additional background about Postgres</a>
</li></ul> 
</div>
<p />
<h2 class="twikinetRoundedAttachments"><span class="twikinetHeader"><a name="Concepts"></a> Concepts </span></h2>
<p />
<strong><em>A person is a person is a person</em></strong>
<p />
Any person GNUmed is to know about must have an entry in the demographics database. There is no difference whether it is staff, a patient, or a contact.
<p />
<strong>GNUmed User</strong>
<p />
A (GNUmed level) account needed to use the GNUmed user interface. Equivalent to a <em>"staff member"</em> or <em>"provider"</em>.
<p />
<strong>Database User</strong>
<p />
A (PostgreSQL level) account needed to access the tables in the GNUmed database. Database users belong to database groups which in turn define their access rights.
<p />
<strong>Database Group</strong>
<p />
A group of users in the database. Membership in database groups defines the access rights for a database user. Most database groups are equivalent to <em>care teams</em>. There are some special purpose database groups, however.
<p />
<strong>Care Team</strong>
<p />
In the database, access to patient data is granted to database groups. Currently (as of January 2010) GNUmed uses only one care team named <em>gm-doctors</em> for all patients. In later versions GNUmed will introduce fine-grained access control for arbitrarily defined care teams.
<p />
<strong>Accountability</strong>
<p />
Any change to the data is tracked in the database, which records the database user that made the change along with the date and time of the change. To ensure proper identification of the staff member, database accounts (other than gm-dbo) are created on a purely one-to-one basis with an associated GNUmed user. Successful login to the GNUmed software is only possible for valid database username / password combinations which already have a GNUmed staff member associated with them.
<p />
<h2 class="twikinetRoundedAttachments"><span class="twikinetHeader"><a name="Adding_GNUmed_users"></a> Adding GNUmed users </span></h2>
<p />
To add a new staff member to the GNUmed system the following steps must be taken:
<p /> <ol>
<li> add a new person to the demographics database <ul>
<li> from the main menu select <em>GNUmed</em> / <em>Users</em> / <em>Add user</em>
</li> <li> complete the wizard
</li> <li> the new person will now be the active "patient"
</li></ul> 
</li> <li> enlist the activated patient as a staff member <ul>
<li> the <em>Add user</em> dialog will appear
</li> <li> complete the dialog
</li></ul> 
</li></ol> 
<p />
To register an existing person as staff:
<p /> <ol>
<li> search for that person and make it the active patient
</li> <li> go to <em>Person</em> / <em>Enlist as user</em> and complete the dialog
</li></ol> 
<p />
To log on as the new staff member, exit GNUmed and enter the database account associated with the new staff member into the login GUI.
<p />
<em>Note: Presently, users created under the role 'nurse', for example 'Dr RN Chapel (Christine)', cannot log in, because the role and associated database account have not yet been assigned functionality.</em>
<p />
<h2 class="twikinetRoundedAttachments"><span class="twikinetHeader"><a name="Editing_users_and_resetting_forg"></a> Editing users and resetting forgotten passwords </span></h2>
<p />
Deactivated users are displayed in blue and, while deactivated, are unable to log in. A display in red means GNUmed detected a problem with the user's setup (which can be a remnant of the original installation process), correctable by activating the user.
<p />
Passwords will have been stored, by result of gm.create_user() function, as a  This can only be done outside of GNUmed itself using, for example, the <code>psql</code> application.
<p />
As root, navigate to the directory containing <code>psql</code> (or ensure it is in your $PATH) and issue commands like the following, targeting the version of the database whose user account is to be modified:
<p />
<pre>
$&#62; psql -d gnumed&#95;v16 -U gm-dbo
gnumed&#95;v16&#61;&#62; set default&#95;transaction&#95;read&#95;only to off;
gnumed&#95;v16&#61;&#62; ALTER USER &#34;any-doc&#34; WITH ENCRYPTED PASSWORD &#39;any-doc2&#39;;
gnumed&#95;v16&#61;&#62; \q
$&#62;
</pre>
<p />
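Note that the style of quoting above is important: the account name must be in double quotes so that PostgreSQL reads it as a single identifier, otherwise it will try to subtract "doc" from "any", which won't work. The password is a string literal and goes in single quotes.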
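<p />
The same reset using psql's built-in <code>\password</code> meta-command, so the new password is never typed as SQL text. This is an added example, not part of the original manual; it reuses the database and account names from the session above.

```sql
-- Connect as in the session above:  psql -d gnumed_v16 -U gm-dbo
set default_transaction_read_only to off;

-- Which hash format the server uses for newly set passwords.
SHOW password_encryption;

-- psql prompts twice without echo, hashes the password on the client and
-- sends only the hash in the ALTER USER it issues. The cleartext therefore
-- does not end up in ~/.psql_history or in the server's statement log,
-- unlike a hand-typed ALTER USER ... PASSWORD '...'.
\password "any-doc"

-- Confirm the account can still log in and see whether it has an expiry date.
SELECT rolname, rolcanlogin, rolvaliduntil
FROM pg_roles
WHERE rolname = 'any-doc';

\q
```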
<p />
<h2 class="twikinetRoundedAttachments"><span class="twikinetHeader"><a name="Additional_background_about_Post"></a> Additional background about Postgres </span></h2>
<p />
Databases are like books, while schemata are like chapters, and tables are pages. A cluster, on the other hand, is like a shelf of books.
<p />
At the PostgreSQL level there exist database accounts which are granted access rights to certain databases, tables, schemata, functions, etc., regardless of which application or applications may make use of such accounts:
<p />
<pre>
- any-doc
- gm-dbo
- ...
</pre>
<p />
No two of these accounts can carry the same name within a single PostgreSQL cluster, and which databases/tables any account can actually access will depend on what rights have been granted in pg_hba.conf.
<p />
What <strong>applications</strong> like GNUmed or LSMB <strong>associate</strong> with such accounts PostgreSQL careth not.
<p />
A GNUmed level staff account consists of three distinct parts:
<p /> <ol>
<li> a GNUmed person (dem.identity)
</li> <li> a GNUmed staff member (dem.staff) linked to the GNUmed person
</li> <li> a PostgreSQL account associated with the GNUmed staff member
</li></ol> 
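<p />
An audit of the one-to-one rule described under Accountability: the queries list every login-capable PostgreSQL account with its database groups and check it against the staff table, in both directions. This is an added example, not GNUmed's own code; the <code>dem.staff</code> column names <code>db_user</code> and <code>is_active</code> are assumptions to verify with <code>\d dem.staff</code>.

```sql
-- Run inside the GNUmed database as gm-dbo, e.g. psql -d gnumed_v16 -U gm-dbo
-- Assumption: dem.staff.db_user holds the PostgreSQL account name and
-- dem.staff.is_active the activation flag; adjust to your schema version.

-- 1) Accounts -> staff: who can log in, which groups they are in
--    (direct membership only), and whether a staff member is linked.
SELECT
    r.rolname                                   AS db_account,
    COALESCE(string_agg(g.rolname, ', ' ORDER BY g.rolname), '(none)')
                                                AS db_groups,
    s.db_user IS NOT NULL                       AS has_staff_record,
    s.is_active                                 AS staff_is_active,
    CASE
        WHEN r.rolname = 'gm-dbo'
            THEN 'gm-dbo: exempt from the one-to-one rule'
        WHEN s.db_user IS NULL AND bool_or(g.rolname = 'gm-doctors')
            THEN 'REVIEW: member of gm-doctors without a staff record'
        WHEN s.db_user IS NULL
            THEN 'no staff record (account of another application?)'
        ELSE 'ok'
    END                                         AS finding
FROM pg_roles r
LEFT JOIN pg_auth_members m ON m.member = r.oid
LEFT JOIN pg_roles g        ON g.oid = m.roleid
LEFT JOIN dem.staff s       ON s.db_user = r.rolname
WHERE r.rolcanlogin
GROUP BY r.rolname, s.db_user, s.is_active
ORDER BY has_staff_record, db_account;

-- 2) Staff -> accounts: staff members whose PostgreSQL account is missing.
SELECT s.db_user, s.is_active
FROM dem.staff s
LEFT JOIN pg_roles r ON r.rolname = s.db_user
WHERE r.oid IS NULL
ORDER BY s.db_user;
```

Because accounts are cluster-wide, the first query also shows accounts that belong to other applications sharing the cluster; only rows marked REVIEW contradict the one-to-one rule.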
<p />
<hr />