Administrator Guide

Overview

This guide covers topics relevant to EMERSE system administrators.

Admin page

Basic system administrator functions can be found on the admin page (which is actually a separate application). The administrator page provides mechanisms for adding users, making them active/inactive, adding system-wide synonyms, etc. The Admin page page also contains a way to view some of the EMERSE log files, which can be useful for troubleshooting, especially during initial installation. More details about this feature can be found in the Troubleshooting Guide.

The admin page can be accessed after logging into EMERSE and completing the attestation. Then, in the main EMERSE application it can be accessed via the EMERSE menu in the upper right portion of the screen. The Admin option will only appear in the drop down menu if the logged in user has admin privileges.

The admin page can also be accessed directly at the URL below as long as the user has admin privileges.

http://host:port/emerse/admin2/

Adding Users

Users should generally be added to the system via the interface on the Admin page.

It is also possbile to add users by adding them to the database tables (via a script, for example), but we don’t encourage that since multiple tables need to be updated correctly. For those who want to add users via the tables, the relevant tables are PERSON, PARTY, LOGIN_ACCOUNT, and the associated roles/privilege tables. Users are rows in the PERSON table which must have matching rows in the PARTY and LOGIN_ACCOUNT tables (on PARTY.ID = `PERSON.ID and on PERSON.LOGIN_ACCOUNT_ID = LOGIN_ACCOUNT_ID respectively). The latter table is also how privileges are associated to the users, since it has foreign key in the USER_ROLES table.

If you’re going to programmatically insert rows into those tables, you should use the right sequences for those tables so the app doesn’t try to use the same id you inserted into the table. They are generally the table name followed by _SEQ, such as LOGIN_ACCOUNT_SEQ or PARTY_SEQ. PERSON doesn’t have its own sequence since it has the same ids as the PARTY table so it uses the PARTY_SEQ.

User Announcements

EMERSE provides for the capability to have an announcement displayed to users after login (and after completing the Attestation page). This may be helpful if there is a need to communicate something to all users, such as a planned system shutdown. More than one announcement can be shown, and each announcement will be shown to every user until either the user clicks on the Don’t Show Again button or the administrator clears the announcement. If more than one announcement is entered for users, each will be shown in succession (not all together on the same announcement window).

To add an announcement, connect to the database and use the following SQL:

INSERT INTO app_config (ID, ATTRIBUTE, VALUE)
VALUES(app_config_seq.nextval, 'announcement', '<p>Announcement goes here.</p>')

The app_config table stores the announcements to be shown to users. The user_announcment_complete table keeps track of which users have clicked on the Don’t Show Again button for each announcement.

Adding an announcement could also be done by manually entering the information into the table, but it is important to make sure that each ID is unique and not re-used. The announcment_id in the user_announcment_complete table corresponds to the id in the app_config table.

Currently, the best way to remove an announcement is to blank out (null) the announcement text, using something like the following, where the id matches the row where the announcement should be made null:

UPDATE app_config t SET t.value = NULL WHERE t.id = 30

Changing a user ID

There may be rare cases in which a user’s User ID has to be changed (for example, someone’s last name has changed leading to a change in the User ID). Such changes can be made from the Administrator page.

As an admin you can change any User ID other than your own when you are logged in under that specific User ID.

Internal vs External Authorization

Users can be authenticated via two mechanisms:

An internal encrypted password stored in the LOGIN_ACCOUNT table
LDAP authentication external to EMERSE

This can be set, and later changed, on the Administrator page by choosing either Active or Inactive for the switch that allows for "External Authentication (Ldap, etc)".

This result is stored in the EXTERNAL_AUTH column (1, 0) in the LOGIN_ACCOUNT table, and it tells the application what authentication to prefer.

When EMERSE is configured to use LDAP as an authentication source (see the Configuration Guide for how to do this), it is still possible that a user can login if their password matches the encrypted credentials in the password field of the LOGIN_ACCOUNT table. If the EXTERNAL_AUTH flag is set to true (EXTERNAL_AUTH=1), however, the application won’t try to match the user’s credentials against the LOGIN_ACCOUNT table. In other words, when this flag is set to 1, the password field has no impact for the user, and only the external authentication mechanism is used.

Roles and Privileges

The visibility/accessibility of some user interface elements or features within EMERSE are controlled directly by a user’s set of privileges. Privileges are determined mainly through the users’ roles that are set up in the USER_ROLES table. Each role is mapped system-wide to a set of privileges. The ROLE_PRIVILEGES table contains a full list of possible actions/components/features that are assigned to a specific role in the application.

Figure 1. Tables Associated with Roles and Privileges

Table 1. Details about the internal EMERSE tables that handle roles and privileges
Table Name	Purpose/Description
`PRIVILEGE`	System-defined privileges that give access to certain features or displays of information within EMERSE (e.g., ability to export patient lists). This table should never change.
`USER_ROLE_DESC`	Lists the roles that exist in the system along with a description of what that role is, used for display on the admin page when selecting the roles a new user will have
`ROLE_PRIVILEGE`	Lists the privileges granted to each role.
`PRIVILEGE_EXCEPTIONS`	Lists privileges granted to or revoked from individual users. These "exceptions" are consulted first before a user’s roles are consulted.
`USER_ROLES`	Lists the roles of each user in the system.

Currently EMERSE has only one role where this is implemented, the “DEFAULT_USER” role. The ROLE_PRIVILEGE table contains a mapping of roles to privileges. For example, the "DEFAULT_USER" role has privileges:

EDIT_PT_LIST
EXPORT_PT_LIST
NEW_PT_LIST
SAVE_ALL_PT_LIST
VIEW_ALL_PT_CHARTS
VIEW_ALL_PT_SNIPPETS
VIEW_ALL_PT_TRENDS
ACCESS_EMERSE

An example of what can be done using this primary "DEFAULT_USER" role is that one could disable all users’ access (assuming no other roles have the same privilege) to exporting patient lists by removing EXPORT_PT_LIST privilege from the ROLE_PRIVILEGE table.

Privileges can also be granted to or revoked from a specific user by adding rows to the PRIVILEGE_EXCEPTIONS table. The ADD_PRIVILEGE column determines whether the privilege will be granted to the user (Y), or revoked from the user (N), essentially acting as a blacklist and whitelist. This table is consulted first, and only if there is no entry for the specific user and privilege will the roles be considered. So, if a privilege is revoked here, the user will not have it, even if they have a role that grants it to them.

Table 2. Example exception in the `PRIVILEGE_EXCEPTIONS` table, showing the revocation of the ability to export a patient list for a single user.
LOGIN_ACCOUNT_ID	PRIVILEGE_NAME	ADD_PRIVILEGE	CREATION_DATE
100	EXPORT_PT_LIST	N	sysdate

Table 3. Currently supported privileges in the `PRIVILEGE` table
NAME	DESCRIPTION
`NEW_PT_LIST`	Allows user to create a Saved Patient list. This would be a blank Saved Patient List unless the user then added patients to the list. The privilege to add patients to the list is defined by the `EDIT_PT_LIST` privilege.
`EDIT_PT_LIST`	Allows user to edit a patient list, which essentially means being able to add new patients to the list (by pasting in a set of medical record numbers or uploading a file of medical record numbers). If this privilege is turned off for a user, that user would still be able to remove patients from any list they currently have access to (it could be shared to them from another user).
`VIEW_ALL_PT_SNIPPETS`	Allows the user to view snippets from an All Patient Search. These snippets contain the search terms as well as surrounding text from the clinical notes. These snippets are also called Summaries.
`VIEW_ALL_PT_CHARTS`	Allows the user to view the demographic charts of an all-patient search.
`VIEW_ALL_PT_TRENDS`	Allows the user to view the trend chart of an all-patient search.
`SAVE_ALL_PT_LIST`	Allows the user to move a set of patients found from running a search across All Patients to a Temporary Patient list. Access to the Temporary Patient List would give the user access to the patient names, clinical notes, etc, and allows them to search the notes in more details.
`EXPORT_PT_LIST`	Allows the user to export a patient list to a password protected Excel file
`ACCESS_EMERSE`	Allows the user to access the EMERSE web application itself. If access is not granted, they could still access the admin app or the API (based on other permissions).
`ACCESS_ADMIN`	Allows the user to access the admininstration application of EMERSE.
`ACCESS_API`	Allows the user to access the server API, `/springmvc/ext/**`.

The default configuration for the EMERSE system is that the DEFAULT_USER has all privileges except access to the admin app and the server API. If these standard privileges are not desirable for the typical user of EMERSE, then one can simply remove the undesired privileges from the ROLE_PRIVILEGES table.

Alternately, you can create a new role by adding a row to the USER_ROLE_DESC table, and associate the wanted privileges with that role by adding rows to the ROLE_PRIVILEGES table. You can then assign users that role in the admin app. To do so, navigate to the users tab, find the user by name in the table, and click edit. This will bring you to a page that has a few checkboxes whose text matches the description of the role in the USER_ROLE_DESC table. Select the checkboxes for the roles you want the user to have. You can also add or remove roles to users in the database directly by changing the USER_ROLES table.

Table 4. A few examples of what can be done using the privileges supported within EMERSE.
Granted privileges	Implication
`ACCESS_EMERSE` `NEW_PT_LIST` `VIEW_ALL_PT_SNIPPETS` `SAVE_ALL_PT_LIST`	User can identify a set of patients with an All Patient Search and can see the text Summaries (`VIEW_ALL_PT_SNIPPETS`). User can move the list to a Temporary Patient list to search them further (`SAVE_ALL_PT_LIST`). User can also save the list as a Saved Patient List for searching later or sharing with another user (`NEW_PT_LIST`). But, user cannot add more patients to the list (`EDIT_PT_LIST`). User cannot export the list to an Excel file (`EXPORT_PT_LIST`).
`ACCESS_EMERSE` `VIEW_ALL_PT_SNIPPETS` `SAVE_ALL_PT_LIST`	User can identify a set of patients with an All Patient Search and can see the text Summaries (`VIEW_ALL_PT_SNIPPETS`). User can move the list to a Temporary Patient list to search them further (`SAVE_ALL_PT_LIST`). But because the user cannot create a new list (`NEW_PT_LIST`), the user cannot save this list for later. Once the user logs out, the list will be gone.
`ACCESS_EMERSE`	User can find a set of patients with an All Patient Search, but will not be able to see the text Summaries (`VIEW_ALL_PT_SNIPPETS`), and will not be able to move or save the list to search it in more detail (`SAVE_ALL_PT_LIST`). Essentially the user will be able to get a count from that All Patient search screen. The user will not be able to create their own lists (`NEW_PT_LIST`), but can still search a list of patients that was shared to them by another user. The user will not be able to add any new patients to the list that was shared to them (`EDIT_PT_LIST`). This is essentially a 'locked down' role that will allow them to get counts and search a list that was shared to them, but nothing else. For limited access, this could be a good configuration since an administrator could create and share a list with such a user.
`ACCESS_ADMIN`	This configures an administer role. Users with a role with such permissions cannot access EMERSE itself (so they cannot do any kind of search with EMERSE), but can add and create users, and edit users roles in the admin app.
`ACCESS_API`	This configures a service role. Users in this role can access the server endpoints under `/emerse/springmvc/ext/`. This would be used by programs that need to access EMERSE to do searches or other automated tasks supported by the endpoints in `/emerse/springmvc/ext/`.

Synonyms

EMERSE supports a type of query expansion we call Synonyms. These are system-suggested concepts that help users conduct a more thorough search. Synonyms can include alternative phrasings, acronyms and abbreviations, misspellings, stemming, related concepts, and more. These system-wide synonyms can be accessed by users but can only be updated by an administrator. There is no need to make your own Synonyms dataset since we can provide one: Details about the Synonyms Collection can be found on the main EMERSE website. On the website you will also find other data sets that have been formatted for importing into EMERSE, including Enesmbl gene names and associated diseases, the Human Phenotype Ontology, and others. You can download these datasets and upload them into EMERSE on the Admin page using the directions below. The directions below also describe how you can make your own Synonyms file, which may be useful if you want to supplement our Synonyms Collection with localized suggestions.

Users can make their own collection of terms by building a Term Bundle, and can incorporate system-suggested Synonyms into their bundles. User-created concepts can be made available to other users through shared Term Bundles but they will not automatically become a part of the system-suggested Synonyms unless they are added by an administrator.

Preparing a synonyms file

To prepare a synonyms file for importing into EMERSE, you simply need to structure the file as a three-column CSV file.

Column 1: A key value that links related concepts together. This can be anything but should be unique for each grouping of concepts.

Column 2: The concept itself. If the concept contains a comma it should be wrapped in double quotes.

Column 3: The Concept Type, of which there are 3:

1 = Regular Synonym
2 = Related Term
3 = Spelling Alternative (which could represent an actual spelling error or a spelling variation).

These three Concept Types are used for categorizing how the suggestions are displayed to users and also how the terms will be matched.

An example Synonyms import file would look like:

1994,endocervical type adenocarcinomas,1
1994,endocervical type adenocarcinoma,1
1994,endocervical adenocarcinomas,1
1994,endocervical adenocarcinoma,1
1994,"adenocarcinoma, endocervical type",1
1994,adenocarcinoma,1
2030,adenomatoid,1
2030,adenomatous polyps,1
2030,adenomatous polyp,1
2030,adenomatous,1
2030,adenomata,1
2030,adenomas,1
2030,adenoma,1
2030,polyps,2
2030,adeomas,3
2030,adeoma,3
2030,ademoa,3
2030,ademoma,3
2030,ademona,3

In the example above, there are two groups of concepts (group 1994, and group 2030). Group 1994 shows that one of the concepts is in double quotes since it contains a comma. Group 2030 also has mix of all three concept types: seven regular Synonyms (Concept Type = 1), one Related Term (Concept Type = 2), and five Spelling Alternatives (Concept Type = 3).

When a user enters a term, EMERSE does the following to determine which synonyms to display:

The user-entered term is matched to all Regular synonyms (Concept Type = 1)
For all matches, the key values are obtained (a concept may belong to more than one grouping and thus may have more than one key value).
All other terms related to the key value(s) are obtained
Duplicates are removed
The final set is displayed to the user, organized by the three Concept Types, as shown in the figure below

Figure 2. Synonyms shown for the term 'adenomatous'. Note that the terms are organized into three categories, based on the concept type: Synonyms, Related Terms, and Spelling Alternatives.

This organizational scheme of three Concept Types allows for some terms to be suggested based on a user-entered term, but supports the ability to have a one-way match to reduce extraneous matching when desired. For example, if the terms entered is 'adenomatous', the term 'polyps' will be displayed as a Related Term (see figure above). However, since in that grouping (group 2030 in the above example) the term 'polyps' is not a Regular concept type (i.e., it is not Concept Type 1 but rather Concept Type 2) then it means that a user-entered search term of 'polyps' will not match to anything in that 2030 grouping. This can be seen in the figure, below, where none of the terms in group 2030 are displayed to the user when 'polyps' is entered as a search term.

Synonyms suggestions display for the term Polyps

Figure 3. Synonyms shown for the term 'polyps'. This shows that the 'adenomatous' term is not displayed to the user since 'polyps' in the 'adenomatous' concept groups is not a Regular synonym type but rather is a Related Term type.

Uploading a Synonyms File

A Synonyms file should be prepared as a 3 'column' CSV file as described above. To upload the file, simply login to the administrator page and choose the Synonyms tab. Then click on the Choose button to select the CSV file. After the file is selected press Upload.

Figure 4. The administrator page for uploading the Synonyms file.

No feedback is provided while the file is loaded and verified, but when it is complete a Results page will be shown, which will report on the total number of rows entered and any errors found, as can be seen in the figure below.

Figure 5. The administrator page for uploading the Synonyms file, showing the feedback provided to the user.

EMERSE is currently designed to replace all of the synonyms data when uploading a file. There is no append function.

The feedback for problems with uploading the synonyms file is limited. If feedback is provided that the CSV file is invalid, it may be because the file is invalid but it may also be because there were problems with the database (such as no space left).

System error logs

The Log tab in the EMERSE admin page is a good place to look if you are running into problems. It will show any recent errors that are appearing in the system logs (which are different from the audit logs stored in the database). More details about troubleshooting can be found in the Troubleshooting Guide.

System Synchronization

The System tab in the admin app provides a feature to help synchronize components of the system. In general this should not be needed since synchronization automatically occurs once per night. However, when installing the system or troubleshooting it may be useful to force these events to occur immediately so that changes can be verified. To invoke this, simply click on the Synchronize button. Some of these actions may take time, though.

The Synchronize action will:

Copy the Patient table from the database to the master patient Solr index
Replicate the master patient Solr index to the patient-slave Solr index
Update document statistics as they are displayed in the UI, such as the number of patients and the date range of the documents. Note that the number of patients displayed in the UI is the number of distinct patients with at least one document in the Solr documents index, not the number of patients in the Patient table.

Additional details about how to check the progress of these synchronization steps can be found in the Troubleshooting Guide.

Software component versions

The EMERSE team tries to keep up with the latest versions of software components, as this is seen as a good approach to ensure security. While some components are installed by each site (e.g., Tomcat, Solr), other components come pre-installed with the EMERSE distribution. One way to check for the versions of these additional components is shown below for Spring and Hibernate:

unzip -l emerse2-4.3.war | grep '/spring.*jar'
unzip -l emerse2-4.3.war | grep '/hibernate.*jar'

Note that the specific version numbers of the war file may change based on the current version of the EMERSE distribution.

Index Optimization

EMERSE uses Apache Solr for indexing documents. Over time the index can become more fragmented and less efficient. This issue can be addressed by optimizing the index periodically. Index optimization is time- and space-intensive, so we recommend doing this about once every 3-4 months. Additional details can be found in the Configuration and Optimization Guide.

Audit logs

EMERSE maintains persistent audit logs of user activities, including logins, attestations (reasons for use with each session), patients/notes viewed, and search terms, among other actions. While reports are not currently built into the interface, you can access these logs via the database. We have several prebuilt SQL queries that can be found in the Reporting and Auditing Guide.

Each user’s set of search terms is captured in the audit logs, and these are the actual terms used. In other words, the terms are not referenced back to original sources (such as the Synonyms suggestions), which means that updating or changing the system-wide Synonyms will not affect the ability to retrieve or interpret existing search terms in the audit logs.

Some items are not captured in the audit logs, including any comments or tags (used for annotating the patients lists) affiliated with a Saved Patient List.

Analytics/Activity Tracking

As of version 4.8.1, EMERSE tracks user activity behind the scenes, which can help with determining what features are being used most, which are not being used, and the order in which users are moving through the system. These activities are recorded using two tables: USER_ACTION and USER_ACTION_LOG. The former (USER_ACTION) describes the 'actions' that a user can make, and the second (USER_ACTION_LOG) captures the actions for each user with time stamps.

The following information is logged:

User Action
User ID
HTTP_SESSION_KEY
ACTION_DATE
Name
Action
Feature
CONTEXT
SUBCONTEXT