Security audit trail profiles cleanup Audit Messages #7

dcm4che · Dec 4, 2023 · 2d1af30 · 2d1af30
1 parent 84a6a67
commit 2d1af30
Showing 1 changed file with 132 additions and 19 deletions.
diff --git a/docs/security/audit/dicom-study-deleted.rst b/docs/security/audit/dicom-study-deleted.rst
@@ -1,42 +1,155 @@
 DICOM Study Deleted
 ===================
 
+This message describes the event of deletion of one or more studies and all associated SOP Instances in a single action.
+and it shall only include information about a single patient.
+
 Trigger Events
 --------------
 
 This message is emitted by the archive when :
 
 - Study in a **local archive** is **completely rejected** using :
-    - Archive UI : Reject Study function (*Navigation page Studies tab with local archive QIDO_RS web application*)
-    - `Reject Study <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/IOCM-RS/RejectStudy>`_
-    REST Service invoked by an external client
+  - Archive UI : Reject Study function (*Navigation page Studies tab with local archive QIDO_RS web application*)
+  - `Reject Study <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/IOCM-RS/RejectStudy>`_ REST Service invoked by an external client
 
-- Study in a **local archive** is **completely rejected** on receive of **Rejection Notes Key Objects** using `RAD-66 <http://www.ihe.net/uploadedFiles/Documents/Radiology/IHE_RAD_TF_Vol1.pdf#page=40>`_
-  transaction, over :
-    - DICOM C-Store
-    - `Store over Web of DICOM Objects <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/STOW-RS>`_ REST Services
+- Study in a **local archive** is **completely rejected** on receive of **Rejection Notes Key Objects** using `RAD-66 <http://www.ihe.net/uploadedFiles/Documents/Radiology/IHE_RAD_TF_Vol1.pdf#page=40>`_ transaction, over :
+  - DICOM C-Store
+  - `Store over Web of DICOM Objects <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/STOW-RS>`_ REST Services
 
 - Expired study is **completely rejected** by Reject Expired Studies Scheduler
-- Previous study is **completely rejected** on subsequent receive of objects having same SOP Instance UID but different
-  Study/Series Instance UIDs
+- Previous study is **completely rejected** on subsequent receive of objects having same SOP Instance UID but different Study/Series Instance UIDs
 - Study in an **external archive** is **completely rejected** using :
-    - Archive UI : Reject Study function (*Navigation page Studies tab with external archive QIDO_RS web application*)
-    - `Reject Study from StoreSCP <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/IOCM-RS/RejectStudyStoreSCP>`_
-    and `Query FindSCP Reject Study from StoreSCP <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/IOCM-RS/QueryFindSCPRejectStudyStoreSCP>`_
-    REST Services
+  - Archive UI : Reject Study function (*Navigation page Studies tab with external archive QIDO_RS web application*)
+  - `Reject Study from StoreSCP <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/IOCM-RS/RejectStudyStoreSCP>`_ and `Query FindSCP Reject Study from StoreSCP <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/IOCM-RS/QueryFindSCPRejectStudyStoreSCP>`_ REST Services
 
 - Study in a **local archive** is **completely deleted** by :
-    - Purge Storage Scheduler
-    - `Delete Study Permanently <http://petstore.swagger.io/index.html?url=https://raw.githubusercontent.com/dcm4che/dcm4chee-arc-light/master/dcm4chee-arc-ui2/src/swagger/openapi.json#/IOCM-RS/DeleteStudy>`_
-    REST Service invoked by an external client or using archive UI
-    - `Delete Patient Permanently <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/PAM-RS/DeletePatient>`_
-    REST Service invoked by an external client or using archive UI
-
+  - Purge Storage Scheduler
+  - `Delete Study Permanently <http://petstore.swagger.io/index.html?url=https://raw.githubusercontent.com/dcm4che/dcm4chee-arc-light/master/dcm4chee-arc-ui2/src/swagger/openapi.json#/IOCM-RS/DeleteStudy>`_ REST Service invoked by an external client or using archive UI
+  - `Delete Patient Permanently <https://petstore.swagger.io/index.html?url=https://dcm4che.github.io/dcm4chee-arc-light/swagger/openapi.json#/PAM-RS/DeletePatient>`_ REST Service invoked by an external client or using archive UI
 - Study `deleted on reimport <https://petstore.swagger.io/index.html?url=https://raw.githubusercontent.com/dcm4che/dcm4chee-arc-light/master/dcm4chee-arc-ui2/src/swagger/openapi.json#/IOCM-RS/ReimportStudy>`_
 
 Message Structure
 -----------------
 
+.. csv-table:: DICOM Study Deleted Message
+   :name: dicom-study-deleted
+   :widths: 15, 15, 2, 45, 15
+   :header: Real World Entities, Field Name, Opt, Value Constraints, Note
+
+   Event, Event ID, M, "| EV (110105, DCM, 'DICOM Study Deleted')",
+   , Event Action Code, M, D (= Delete),
+   , Event Date Time, M, , The time at which the event occurred
+   , Event Outcome Indicator, M, "| 0 (= Success)
+   | OR
+   | 4 (= Minor Failure)", "| - Rejection / deletion of study was successful
+   |
+   | - Applicable if any exception caught on rejection / deletion of study"
+   , Event Outcome Description, U, "| Rejection Note Code Meaning
+   | OR
+   | Rejection Note Code Meaning & Exception Message
+   | OR
+   | Exception Message
+   | OR
+   | No value", "| - Applicable only if study is **completely rejected successfully**
+   |
+   | - Applicable only if study is **completely rejected** and an **exception** is caught
+   |
+   | - Applicable only if study is **completely deleted** and an **exception** is caught
+   |
+   |  - Applicable only if study is **completely deleted successfully**"
+   Active Participant - Archive, User ID, M, "| Device Name of archive
+   | OR
+   | REST Service Request URL
+   | OR
+   | AET of archive", "| - Applicable only if study is **completely rejected / deleted** by a *scheduler*
+   |
+   | - Applicable only if study is **completely rejected / deleted** using *REST services*
+   |
+   | - Applicable only if (previous) study is **completely rejected / deleted** over *DICOM C-Store*"
+   , User ID Type Code, U, "| EV (113877, DCM, 'Device Name')
+   | OR
+   | EV (12, RFC-3881, 'URI')
+   | OR
+   | EV (110119, DCM, 'Station AE Title')", "| - Applicable only if study is **completely rejected / deleted** by a *scheduler*
+   |
+   | - Applicable only if study is **completely rejected / deleted** using *REST services*
+   |
+   | - Applicable only if (previous) study is **completely rejected / deleted** over *DICOM C-Store*"
+   , User Type Code, U, 2 (= Application),
+   , Alternative User ID, MC, , Process ID of Audit logger
+   , User Is Requestor, M, "| true
+   | OR
+   | false",  "| - Applicable only if study is **completely rejected / deleted** by a *scheduler*
+   |
+   | - Applicable only if (previous) study is **completely rejected / deleted** over *DICOM C-Store* / *REST services*"
+   , Network Access Point ID, U, , Hostname/IP Address of the connection referenced by Audit logger
+   , Network Access Point Type Code, U, "| 1 (= Machine name)
+   | OR
+   | 2 (= IP Address)", "| - Applicable if NetworkAccessPointID is a **hostname**
+   |
+   | - Applicable if NetworkAccessPointID is an **IP Address**"
+   Active Participant - Requestor, , U, , Available only if study is **completely rejected / deleted** by person or external system
+   , User ID, M, "| User Name
+   | OR
+   | Remote IP Address
+   | OR
+   | AET of calling system", "| - Applicable only if study is **completely rejected / deleted** using *REST services* of *secured archive*
+   |
+   | - Applicable only if study is **completely rejected / deleted** using *REST services* of *unsecured archive*
+   |
+   | - Applicable only if (previous) study is **completely rejected / deleted** over *DICOM C-Store*"
+   , User ID Type Code, U, "| EV (113871, DCM, 'Person ID')
+   | OR
+   | EV (110182, DCM, 'Node ID')
+   | OR
+   | EV (110119, DCM, 'Station AE Title')", "| - Applicable only if study is **completely rejected / deleted** using *REST services* of *secured archive*
+   |
+   | - Applicable only if study is **completely rejected / deleted** using *REST services* of *unsecured archive*
+   |
+   | - Applicable only if (previous) study is **completely rejected / deleted** over *DICOM C-Store*"
+   , User Type Code, U, "| 1 (= Person)
+   | OR
+   | 2 (= Application)", "| - Applicable only if study is **completely rejected / deleted** using *REST services* of *secured archive*
+   |
+   | - Applicable only if study is **completely rejected / deleted** using *REST services* of *unsecured archive* OR if (previous) study is **completely rejected / deleted** over *DICOM C-Store*"
+   , User Is Requestor, M, true,
+   , Network Access Point ID, U, , Hostname/IP Address of calling host
+   , Network Access Point Type Code, U, "| 1 (= Machine name)
+   | OR
+   | 2 (= IP Address)", "| - Applicable if NetworkAccessPointID is a **hostname**
+   |
+   | - Applicable if NetworkAccessPointID is an **IP Address**"
+   Active Participant - External Archive, , U, , Available only if study is **completely rejected** in an external archive
+   , User ID, M, AET of external archive,
+   , User ID Type Code, U, "| EV (110119, DCM, 'Station AE Title')",
+   , User Type Code, U, 2 (= Application),
+   , User Is Requestor, M, false,
+   , Network Access Point ID, U, , Hostname/IP Address of external archive host
+   , Network Access Point Type Code, U, "| 1 (= Machine name)
+   | OR
+   | 2 (= IP Address)", "| - Applicable if NetworkAccessPointID is a **hostname**
+   |
+   | - Applicable if NetworkAccessPointID is an **IP Address**"
+   Participating Object - Study, Participating Object ID, M, The Study Instance UID,
+   , Participant Object Type Code, M, 2 (= System Object),
+   , Participant Object Type Code Role, M, 3 (= Report),
+   , Participant Object ID Type Code, M, "| EV (110180, DCM, 'Study Instance UID')",
+   , Participant Object Detail, U, , "| Base64 encoded value of *Study Date (0008,0020)* if available"
+   , Participant Object Description, U, ,
+   , > Accession, U, , "| Value of *Accession Number (0008,0050)* if available"
+   , > SOP Class, MC, ,
+   , >> UID, MC, SOP Class UID of DICOM objects,
+   , >> Number of Instances, MC, No. of Instances of the SOP Class,
+   , >> Instances, U, SOP Instance UIDs of DICOM objects, "| Available only if *Event Outcome Indicator = 4* (i.e. Minor Failure)
+   | OR
+   | `Include Instance UIDs <https://dcm4chee-arc-cs.readthedocs.io/en/latest/networking/config/auditLogger.html#dcmauditincludeinstanceuid>`_ of Audit Logger is set to *true*"
+   Participating Object - Patient, Participating Object ID, M, The patient identifiers, *~* separated list of unique patient identifiers of a patient
+   , Participant Object Type Code, M, 1 (= Person),
+   , Participant Object Type Code Role, M, 1 (= Patient),
+   , Participant Object ID Type Code, M, "| EV (2, RFC-3881, 'Patient Number')",
+   , Participant Object Name, U, The patient name,
+
 .. csv-table:: Entities in DICOM Study Deleted Audit Message
 
     :ref:`event-identification-study-deleted`