DQR Admin: How to Restrict PACS Access by User

As an XNAT Administrator, one of your primary responsibilities is to act as a gateway to determine who can access what levels of functionality. Since the DICOM Query-Retrieve plugin offers such powerful access to PACS systems and potentially patient data, we have added functionality to allow you to restrict who can take advantage of this access.

Step 1: Disable DQR Access for All Users

This is the default state of the DQR plugin when it is first installed. Nonetheless, it's useful to check to be sure.

1. Log in as a Site Administrator

2. Navigate to Administer > Plugin Settings and go to the DICOM Query-Retrieve Plugin tab.

3. Scroll down to "Other Preferences". Set "Allow DQR For All Users" to "disabled" if it is not already.

4. Scroll down to the bottom of that panel and click "Save"

You have just set a rule that requires users to have a special role in order to use the DQR plugin features. This applies to all users, including yourself!

Grant DQR Access to Individual Users

Let's use your own administrative user account as the test case here.

1. While logged in as a site administrator, go to Administer > Users in the top navigation to bring up the User management panel.

2. Click on your own administrative user account. A popup dialog will open.

3. Click on "Edit Advanced Settings". A second dialog will open on top of the first one.

4. Scroll down to the "Define Security Settings" panel. Then, find the "DQR Access" role and make sure it is selected. (It will be deselected by default.)

5. Be sure to click "Save" within the "Define Security Settings" panel. Then you can click "Close" to close the user dialogs.

Your user account now has access to DQR functionality. To test this out, navigate to a DQR-enabled project and click on "Import From PACS" in the Actions box. This link will only appear for authorized users. Likewise, the "Send to PACS" link on image session report pages only appears for DQR-enabled users.