-
Notifications
You must be signed in to change notification settings - Fork 7
Administration Console
The OpenIZ administration console permits the remote administration of an OpenIZ server without the need of using the web based administration tools.
Tool: oizac.exe
The following parameters are supported by the OpenIZ administration console:
| Option | Description | Example |
|---|---|---|
| realm | Sets the realm to connect to | --realm=demo.openiz.org |
| appId | Sets the OAUTH application identifier (default org.openiz.oizac) | --appId=fiddler |
| secret | Sets the application secret | --secret=fiddler |
| port | Changes the IMS port number (default: 8080 non-tls or 8443 for tls) | --port=8081 |
| tls | When true, instructs the client to force TLS mode | --tls |
| user | Sets the user to log into the server as | --user=administrator |
| password | Sets the password to use to login to the server | --password=Mohawk123 |
| verbose | Sets the verbosity of the output | --verbose |
| proxy | Sets the proxy address for connection | --proxy=http://localhost:8888 |
| help | Show help and exit | --help |
When launching the administrative console you will be presented with the default command prompt:
>
This prompt indicates that the console is ready for commands. Commands are entered in the following format:
> [cmd] [-option] [value]
For example:
> logcat -n 20 openiz_20180131
Some commands accept defualt parameters which are described by the help.
To escape, use the single quote
> logcat -g 'Loaded service' -n 20 openiz_20180131
Boolean commands can be combined, the following two commands are equivalent:
> userlist -h -l -a
> userlist -hla
Output can be redirected to a file using the > operator
> userlist -hla > users.txt
| Command | Name |
|---|---|
| chrole | Change Roles |
| clear | Clear Screen |
| dmesg | Diagnostic Messages |
| exit | Exit |
| help | Show Help |
| logcat | Display Log File |
| loglist | List log files |
| passwd | Change Password |
| roleadd | Add Role |
| sasm | Server Assembly List |
| sinfo | Server Information |
| svci | Server Service Information |
| useradd | Add user |
| userdel | Delete user |
| userinfo | Show user information |
| userlist | List users |
| userlock | Change user lock |
| userundel | Un-delete user |
| ver | Display version information |
| whoami | Who am I? |
Changes a user's roles to the specified roles
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -r [role] | 1..* | The roles to assign the user | -r ADMINISTRATORS | |
| -u [user] | * | 1..1 | The name of the user to assign the role to | -u marty |
Example: Assign role CLINICAL_STAFF and USERS to user 'marty'
> chrole -r CLINICAL_STAFF -r USERS marty
Clear the screen
Arguments: None
Show diagnostic log information from the most recent log on the IMS server
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -n [lines] | 0..1 | Limit output to n lines (default is 15) | -n 20 | |
| -g [regex] | 0..1 | Greps the output according to [regex] | -r 'OpenIZ.*?HL7' | |
| -t | 0..1 | Tails the file (start from bottom) | -t | |
| -h | 0..1 | Heads the file (start from top) | -h | |
| -p | 0..1 | Stop output after each console page is filled | -p | |
| -f [Verbose | Warning | Error] | 0..1 | |
| -r | 0..1 | Output the log in its raw form (instead of interpreted form) | -r | |
| -a | 0..1 | Output the entire log file | -a |
Example: Make a copy of the server log
> dmesg -ra > log.txt
Example: Search log for HTTP requests
> dmesg -ag 'HTTP RQO'
Example: Output all error messages which include Npgsql
> dmesg -f Error -g 'Npgsql' -a
Exits the application, clearing the console window
Show help information for all commands or a specific command
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| [cmd] | * | 0..1 | Show help for a particular command |
Example: Show help for the dmesg command
> help dmesg
Fetches a specific log file from the server and outputs its contents
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -n [lines] | 0..1 | Limit output to n lines (default is 15) | -n 20 | |
| -g [regex] | 0..1 | Greps the output according to [regex] | -r 'OpenIZ.*?HL7' | |
| -t | 0..1 | Tails the file (start from bottom) | -t | |
| -h | 0..1 | Heads the file (start from top) | -h | |
| -p | 0..1 | Stop output after each console page is filled | -p | |
| -f [Verbose | Warning | Error] | 0..1 | |
| -r | 0..1 | Output the log in its raw form (instead of interpreted form) | -r | |
| -a | 0..1 | Output the entire log file | -a | |
| [file] | * | 1..1 | Identifies the log file to output |
Example: Search the openiz_20180125 log file for all errors containing Npgsql
> logcat openiz_20180125 -af Error -g 'Npgsql'
Lists all available log files on the server.
Arguments: None
Example: List logs on the server
> loglist
http_20180126 882 kb 2018-01-26T17:47:41.6514627-05:00
http_20180131 4 kb 2018-01-31T15:53:23.3260225-05:00
http_20180201 9 kb 2018-02-01T11:23:06.0530901-05:00
openiz_20170620 3 kb 2017-06-20T22:27:12.2527455-04:00
openiz_20170621 2 kb 2017-06-21T10:50:23.9304759-04:00
openiz_20170622 1 kb 2017-06-22T19:23:25.8514966-04:00
openiz_20170623 0 kb 2017-06-23T11:12:09.0160203-04:00
openiz_20170716 1 kb 2017-07-16T09:57:42.2297697-04:00
openiz_20170718 0 kb 2017-07-18T16:58:31.2946317-04:00
openiz_20170719 1 kb 2017-07-19T10:29:22.7782604-04:00
openiz_20170721 0 kb 2017-07-21T16:20:13.2274412-04:00
openiz_20170913 0 kb 2017-09-13T16:13:02.7024062-04:00
openiz_20180126 609 kb 2018-01-26T18:57:17.6849246-05:00
openiz_20180131 322 kb 2018-01-31T16:07:41.9050163-05:00
Changes a password.
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -u [user] | * | 1..1 | The user for which the password is being changed | -u marty |
| -p [password] | 1..1 | The password to set | -p 'I like cats' |
Example: Change user marty's password to 'I like cats'
> passwd marty -p 'I like cats'
Adds a role to the IMS.
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -p [policy] | 0..* | Specifies the policies which should be assigned to the role | -p LOGIN | |
| -d [description] | 0..1 | Provides a description for the role | -d 'Users in Ontario' | |
| -r [role] | * | 1..1 | The name of the role | -r ONT_USERS |
Example: Add a new role called 'chickens' to the IMS and allow them to login and read clinical data
roleadd -r chickens -d 'Users who happen to be poultry' -p Login -p 'Read Clinical Data'
Shows the server assembly information
Arguments: None
Show server version information.
Arguments: None
Show information for running services on the server.
Arguments: None
Example: Show running services
> svci
Services:
Service Status
OpenIZ.Persistence.Data.ADO.Services.... Running
IMSI Message Service Running
RISI Message Service Running
AMI Message Service Running
OpenIZ.Authentication.OAuth2.OAuthMes... Running
Dataset Installation Service Stopped
OpenIZ PCL ThreadPool Provider Running
REDIS Data Caching Service Running
Default Timer Service Running
Multi-Interface Message Handler Running
OpenIZ.Persistence.Reporting.PSQL.Rep... Running
Applet BRE Source Stopped
OpenIZ.Core.Services.Impl.LocalApplet... Running
OpenIZ.Core.Query.MemoryQueryPersiste... Running
SECURITY AUDIT SERVICE Running
GS1 Stock Event Subscriber Running
GS1 AS2(ish) Integration Service Running
GS1 Stock Service Running
Swagger API Documentation Running
Adds a user to the IMS system with the provided roles
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -p [password] | 0..1 | The password for the created user | -p 'I like cookies' | |
| -r [role] | 0..* | One or more roles that should be assigned to the user | -r CLINICAL_STAFF | |
| -e [email] | 0..1 | An e-mail address for the created user | -e 'bob@clinic.com' | |
| -u [username] | * | 1..1 | The name of the user to create | -u bob |
Example: Create user BOB in groups CLINICAL_STAFF and USERS with password 'BobIsGreat'
> useradd bob -r CLINICAL_STAFF -r USERS -p 'BobIsGreat' -e 'bob@clinic.com'
Deletes a user from the IMS system (inactivates them)
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -u [user] | * | 1..1 | The name of the user to delete | -u bob |
Example: De-activate user bob
> userdel bob
Display detailed information about one or more users.
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -u [user] | * | 0..* | The users to show information for | -u bob |
Example: Show user information for user Bob
> userinfo bob
User: bob
SID: df16991a-6178-440a-b780-bbfd77fe35cd
Email: bob@marc-hi.ca
Phone: tel:+19055751212;ext=4085
Invalid Logins: 0
Lockout:
Last Login:
Created: 9/14/2017 11:20:56 AM -04:00 (SYSTEM)
DeActivated: 2/1/2018 11:40:25 AM -05:00 (Administrator)
Groups: USERS
Effective Policies:
Unrestricted All : Deny (automatic)
Unrestricted Administrative Function : Deny (automatic)
Change Password : Deny (automatic)
Administer Data Warehouse : Deny (automatic)
Create Role : Deny (automatic)
Alter Role : Deny (automatic)
Create Identity : Deny (automatic)
Create Device : Deny (automatic)
Create Application : Deny (automatic)
Administer Concept Dictionary : Deny (automatic)
Alter Identity : Deny (automatic)
Alter Policy : Deny (automatic)
Login : Grant (explicit)
Login as a Service : Grant (inherited from Login)
Access Client Administrative Function : Deny (automatic)
Unrestricted Clinical Data : Deny (automatic)
Query Clinical Data : Deny (automatic)
Write Clinical Data : Deny (automatic)
Delete Clinical Data : Deny (automatic)
Read Clinical Data : Deny (automatic)
Export Clinical Data : Deny (automatic)
Override Disclosure : Deny (automatic)
Unrestricted Metadata : Deny (automatic)
Read Metadata : Deny (automatic)
Unrestricted Data Warehouse : Deny (automatic)
Write Warehouse Data : Deny (automatic)
Delete Warehouse Data : Deny (automatic)
Read Warehouse Data : Deny (automatic)
Query Warehouse Data : Deny (automatic)
Lists users which are registered on the IMS server
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -l | 0..1 | Filter to only users who are locked | -l | |
| -a | 0..1 | Filter for only active (non deleted) users | -a | |
| -h | 0..1 | Filter for human users only | -h | |
| -s | 0..1 | Filter for only system (Application or Device) users | -s | |
| -u [username] | 0..1 | Filter for users who match the specified username | -u b |
Example: Show all active device users which contain MINI-IMS
> userlist -as -u 'MINI-IMS'
Changes the lock status of a user
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -l | 0..1 | Set the lock status on the user | -l | |
| -u | * | 1..* | The user(s) to change lock status | -u bob |
Example: Lock user accounts bob and barb
> userlock bob barb -l
Example: Unlock user account bob
> userlock bob
Un-delete (re-activates) a user account
Arguments:
| Argument | Default | * | Description | Example |
|---|---|---|---|---|
| -u | * | 1..* | The user(s) to re-activate | -u bob |
Example: Re-activate account barb
> userundel barb
Show the version of the local administration console
Arguments: None
Show the name of the user account you are currently authenticated as