
'Writer' role in RBAC roles to limit data exfiltration risk for on-premises uploading applications

Open Dave-Kiwi opened this issue 4 years ago • 0 comments

We have an on-premises component that uploads DICOM instances to Azure (and we would like to use the DICOM service instead).

In this scenario, we need that component to have the minimum rights possible (certainly not the ability to query, retrieve, or delete any instances, for example). Any of these rights increases the risk that an on-premises breach or escape of the application secret will lead to exfiltration of the customer's data with fully-laden PHI. Once the data is in Azure, all our other applications that need to access it are also in Azure and can use RBAC, subnets, etc.

Presumably, the best way to achieve this would be with a 'Writer' role in the RBAC options.

User story

As a user in a lower-security environment, I want my application to only be able to store instances.

Acceptance criteria

  1. Application can use STORE route
  2. Application cannot query
  3. Application cannot delete
  4. Application cannot retrieve
  5. Application cannot observe changed feed

Dave-Kiwi, Jan 02 '22 18:01
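One way to make the five acceptance criteria above mechanically checkable, as an added example that is not part of this issue or of the dicom-server project: a small Python policy model in which each role is a set of DICOMweb operations and each request is classified from its HTTP method and path. The role names, the exact route shapes (STOW-RS store, QIDO-RS query, WADO-RS retrieve, delete, change feed) and the sample requests are assumptions; check them against the service you actually deploy.

```python
import re
from enum import Enum
from typing import Optional


class Op(Enum):
    STORE = "store"
    QUERY = "query"
    RETRIEVE = "retrieve"
    DELETE = "delete"
    CHANGEFEED = "changefeed"


# Roles as sets of permitted operations (constructed for this example).
# "Writer" is the store-only role the issue asks for.
ROLES = {
    "Writer": {Op.STORE},
    "Reader": {Op.QUERY, Op.RETRIEVE, Op.CHANGEFEED},
    "Owner": set(Op),
}

# Assumed DICOMweb route shape: /studies[/uid[/series[/uid[/instances[/uid]]]]]
_STUDY_TREE = r"/studies(/[^/?]+(/series(/[^/?]+(/instances(/[^/?]+)?)?)?)?)?"


def classify(method: str, path: str) -> Optional[Op]:
    """Map an HTTP request to the DICOMweb operation class it performs."""
    method = method.upper()
    route, _, query = path.partition("?")
    if route.startswith("/changefeed"):
        return Op.CHANGEFEED if method == "GET" else None
    if re.fullmatch(_STUDY_TREE, route) is None:
        return None  # unknown route: treat as not classifiable, hence denied
    if method == "POST":
        return Op.STORE
    if method == "DELETE":
        return Op.DELETE
    if method == "GET":
        # A search (QIDO-RS) targets a collection or carries query parameters;
        # a retrieve (WADO-RS) addresses one specific study/series/instance.
        last = route.rstrip("/").rsplit("/", 1)[-1]
        is_search = bool(query) or last in ("studies", "series", "instances")
        return Op.QUERY if is_search else Op.RETRIEVE
    return None


def is_allowed(role: str, method: str, path: str) -> bool:
    """Deny by default: unknown roles and unclassifiable requests get False."""
    op = classify(method, path)
    return op is not None and op in ROLES.get(role, set())


def check_acceptance(role: str = "Writer") -> dict:
    """Evaluate the issue's five criteria against constructed sample requests."""
    cases = {
        "store": ("POST", "/studies"),
        "query": ("GET", "/studies?PatientName=Doe"),
        "retrieve": ("GET", "/studies/1.2.3/series/4.5.6/instances/7.8.9"),
        "delete": ("DELETE", "/studies/1.2.3"),
        "changefeed": ("GET", "/changefeed?offset=0&limit=10"),
    }
    return {name: is_allowed(role, m, p) for name, (m, p) in cases.items()}
```

For the store-only role the result should be `store: True` and every other criterion `False`; a leaked Writer secret can then add data but not read, enumerate or remove it.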