National Cancer Institute   U.S. National Institutes of Health www.cancer.gov
caBIG® Knowledge Center: A part of the Enterprise Support Network

CCTS User and Role Provisioning Architecture

From CTMS_WIKI

Introduction

Background

The caBIG Clinical Trials Suite (CCTS) is an enterprise clinical trials system being designed primarily for use in trial sites. The suite comprises a collection of interoperable modules covering a broad range of key areas in cancer clinical trials management. These include patient registration via C3PR, patient scheduling via PSC, adverse events reporting via caAERS, lab analysis via LabViewer, and clinical data management via C3D. Integration between these applications centers on five key scenarios: Study Creation, Register Subject, Load Labs in CDMS, Lab-driven AE Creation, and AE-Triggered Schedule Change. The implementation is based upon the caGrid infrastructure, with caXchange as the Enterprise Service Bus for reliable message routing and GAARDS providing robust security.

Scope

This document describes the approach for managing users and their roles within CCTS.

This document is a work in progress used strictly for planning for the CCTS 2.0 release. Until that release, it may be altered in any way.

Related Documentation

End User Technical CCTS Architecture Guide
Analysis Planning

Requirements

Req. ID Requirement Description
CCTS-URP-001 A web application should be used to provision users (referred to hereafter as the user provisioning application)
CCTS-URP-002 A web application should be used to provision roles (referred to hereafter as the role provisioning application)
CCTS-URP-003 The user provisioning application and role provisioning application should be the same application
CCTS-URP-004 Web applications should be able to be plugged into the CCTS portal
CCTS-URP-101 The user provisioning application must support creating new users by assigning a user name and password
CCTS-URP-102 The user provisioning application must support removing or deactivating users
CCTS-URP-103 The user provisioning application must support the CCTS component for user management (i.e. CSM)
CCTS-URP-104 The user provisioning application should support assignment of a grid identity
CCTS-URP-105 The user provisioning application should allow for individual users to change their password
CCTS-URP-106 The user provisioning application should leverage the CCTS authorization module to determine the users that can manage users
CCTS-URP-201 The role provisioning application must allow roles to be assigned to existing users
CCTS-URP-202 The role provisioning application must allow roles to be removed or deassigned from users
CCTS-URP-203 The role provisioning application must allow a variety of privileges to be assigned or de-assigned to roles
CCTS-URP-204 The role provisioning application must allow users to have privileges on specific entities (e.g. what CSM refers to as protection elements)
CCTS-URP-205 The specific entities mentioned in CCTS-URP-204 cut across applications and hence need not be linked to individual applications
CCTS-URP-206 The application should allow the creation of users without any roles/privileges being assigned to them.
CCTS-URP-207 The role provisioning application must support the CCTS component for role management (i.e. GridGrouper)
CCTS-URP-208 The role provisioning application should leverage the CCTS authorization module to determine the users that can manage roles
CCTS-URP-209 The role provisioning application should allow the provisioning of multiple roles for a user at a single time (e.g. through a set of checkboxes)
CCTS-URP-210 The role provisioning application must support the hierarchical structure of CCTS roles, which includes system-level roles, site-level roles, and study-level roles
CCTS-URP-211 The role provisioning application should insulate the user as much as possible from the hierarchical nature of the roles (e.g. the user should be able to provision all site-level roles for a single user without having to navigate between groups)
CCTS-URP-212 The role provisioning application should allow the user to have different privileges based on the application being accessed (e.g. the user should be able to have different privileges for different applications while having the same centralized role)
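
The following sketch shows how CCTS-URP-204, -205, -206, -209, -210 and -212 combine into a single default-deny access check. It is an added example, not CCTS, CSM or GridGrouper code. The class names, the role and privilege names, and the scope inheritance rule (system covers everything, a site covers its own studies) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Scope:
    """Where a role applies or a protection element lives (CCTS-URP-210)."""
    level: str                      # "system", "site" or "study"
    site: Optional[str] = None
    study: Optional[str] = None

    def covers(self, target: "Scope") -> bool:
        # Assumption: system covers everything, a site covers its own studies.
        if self.level == "system":
            return True
        if self.level == "site":
            return target.level != "system" and target.site == self.site
        return self == target       # study-level: exact match only

@dataclass
class Provisioning:
    role_privs: dict = field(default_factory=dict)  # role -> app -> {privilege}
    grants: dict = field(default_factory=dict)      # user -> {(role, Scope)}

    def create_user(self, user):
        self.grants.setdefault(user, set())         # no roles yet (CCTS-URP-206)

    def assign(self, user, roles, scope):
        unknown = [r for r in roles if r not in self.role_privs]
        if unknown or user not in self.grants:
            raise KeyError(f"unknown role or user: {unknown or user}")
        self.grants[user] |= {(r, scope) for r in roles}     # CCTS-URP-209

    def revoke(self, user, role, scope):
        self.grants.get(user, set()).discard((role, scope))  # CCTS-URP-202

    def allowed(self, user, app, privilege, element: Scope) -> bool:
        # Default deny: a grant must cover the element AND the role must
        # carry this privilege for this application (CCTS-URP-204, -212).
        return any(scope.covers(element)
                   and privilege in self.role_privs[role].get(app, ())
                   for role, scope in self.grants.get(user, ()))

def build_demo() -> Provisioning:
    # Constructed roles and privileges; application names are from the page.
    p = Provisioning(role_privs={
        "study_coordinator": {"C3PR": {"READ", "CREATE"}, "caAERS": {"READ"}},
        "ae_reporter": {"caAERS": {"READ", "CREATE"}},
    })
    p.create_user("alice")
    p.create_user("bob")
    p.assign("alice", ["study_coordinator"], Scope("site", "SITE-A"))
    p.assign("bob", ["ae_reporter"], Scope("study", "SITE-A", "STUDY-1"))
    return p
```

The protection element carries only a scope and no application field, which is what lets one element be shared across applications while the role's per-application privilege map decides what each application permits.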

Architecture

The architecture for user and role provisioning is still being hashed out. We are exploring the possibility of extending UPT for use with GridGrouper while still meeting the requirements listed above. An alternative is to develop an application specific to CCTS for managing users and roles in an intuitive way.
