Day 5 – User and slide management with PMA.core
You have now received a quick introduction to the following components that are part of our software platform: PMA.core, PMA.view, PMA.start, PMA.slidebox, and PMA.transfer.
With so many options, you probably not want to expose all your content to all of your users, so let’s have a look at what you can do about that.
When you created your personal user account in PMA.core on day 1, you used a script that we prepared for you to perform that operation, using our own PHP SDK.
Note: if you’re unfamiliar with the term SDK; our SDK provides a set of tools, libraries, relevant documentation, code samples, processes, and or guides that allow developers to create their own digital pathology software applications on top of the Pathomation platform.
PMA.core is pretty scalable. We run instances where we have thousands of individual users. More information about our licensing model can be found here.
There’s a lot more that you can do with users than just create them. So let’s explore the user management within PMA.core. To access it, log into PMA.core a click on the “Users” menu option in the left navigation menu:
At this point, you’ll probably only see a couple of accounts. You should recognize your own, and two service accounts that we use ourselves for maintenance and configuration. See that “pma_zagreb” account? That’s one of those special user accounts that we set up for you. Make a mental note of that one. It’s coming back in tomorrow’s episode. Occasionally you can also see accounts pop up for some of Pathomation’s dedicated staff members (Yves Sucaet, our CTO, took the screenshots for this tutorial, so you’ll see his name appear throughout the screenshots).
Clicking on a user account takes you to that user’s “Summary” page, were you see any number of details.
You should take notice that a user has access to both public and private root directories. More on those later. What’s important for now, is that this tell you what the user will see each time he interfaces via with PMA.core via any other application within our platform. It is PMA.core that centrally controls what the user can and can’t see, and you only need to manage this kind of authorization in one location.
It is this feature that makes Pathomation a particularly easy to adopt platform to roll out and gradually scale into over time: as you expand your digital slide workflows; PMA.core gives you leverage when deploying new applications, as the same basic foundations are just transported to the new environment.
Next up the “Edit” tab. Some fields are obvious, like first name and email address. The more interesting ones are at the bottom though:
The Administrator checkbox indicate whether somebody can log into PMA.core directly, or can only access PMA.core-hosted content via another overlaying application like PMA.slidebox or PMA.view. Only a select number of people in your organization should have this attribute checked.
Can Annotate refers to whether somebody is allowed to make annotations on a slide. It is outside the scope of this tutorial series, as it involves and reflects mostly on PMA.studio.
Suspended indicates whether an account is temporarily suspended or not. In some organization, accounts can never be effectively deleted; they can only made dormant. For such scenarios, we provide the “Suspended” property.
If you created your account through your sandbox portal, your last name is probably “Sandboxer”. Go ahead and change it into your real name, and click “Save”.
Note: want more experience with PMA.core and our security system? Go ahead and suspend an account, then try to log in again and see what happens. Also play with the Administrator flag. Check it off and see if you can still log into PMA.core. What about PMA.view?
The next tab over is the Activity log. Here you can see when a user has logged in, and what slide (s)he’s been looking during his session. Don’t mind the “Forms” paragraph, we will cover this in a subsequent tutorial series on PMA.studio.
The Pathomation software is rolled out in a number of pharmaceutical settings. For these parties, audit trailing is an important business requirement. Audit trailing means that you log everything that happens: who makes the change? What is changed? And when?
Audit trailing for entities is a standard functionality in PMA.core. In order to see what happened with your user records, you only need to navigate over to the “Audit trail” log. Do you recognize the changes that you made earlier?
The final tab connects the end-user to root-directories. This is where you can indicate which users can see what content (root-directories).
What about root-directories?
Similar to user management, you can manage the different root-directories in PMA.core. You can access this by going to Settings > Root-directories in the left navigation menu, or by click on “Manage directories” from the homepage.
This presents you with a list of root-directories, similar to the overview that you saw for users:
In your sandbox, you should see a number of S3 root-directories. You can have these refer to a location on your hard disk as well, but we don’t have unlimited hard disk storage, so we prefer to setup the sandboxes in S3 buckets, which scales much better.
Clicking on the Edit button next to any of the root-directories allows you to make changes to a root-directory:
As with users, you should go ahead and make some small changes here to verify that the information presented in the Audit trail is kept relevant.
This is also where you can change a root-directory’s visibility from private to public and back. Root-directories have two visibility states: “public” means that any user within PMA.core can see the content in the root-directory, whereas “private” means that only select users can have access to it.
When you change the root-directory’s visbility from public to private, you’ll have an extra dialog to help you grant or deny individual users’ access.
The Mounting Points tab contains technical information about where and how we connect to the abovementioned S3 buckets. You should stay out of it 😊.
If you happen to have an S3 bucket of your own that you would like to see appear in PMA.core, however, email firstname.lastname@example.org and we’ll gladly walk you through the process on a one-on-one basis.
The final tab “View slides” takes you to the image management view that we discussed on the first day of our tutorial.
Global access management
We already showed you how to disable and enable accounts, or how to keep people out of root-directories. But what do you do when you want an overview of how things are system-wide and tweak authorization at a global level?
This is possible by clicking on the “ACL overview” button in the root-directories list view:
In our example, we only have one root-directory labeled as “private”, so only one column shows. All the users are represented in the rows, and you can clearly see who has access to what.
The checkboxes can be used to toggle a person’s access to a particular resource.
Make sure the press the “Save” button after making the changes, or they will be lost.
Where to from here?
If you have extra time to spare today, take some time to further explore the user management of PMA.core. Make a new account, see what happens when you suspend an account, or observe in real-time that your Action log is updated when you go look at some slides.