-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AccessPolicy "writeable" fields, vs. "readonly" #2548
Comments
Counter proposal... Rather than adding "writeable", we deprecate "readonly", and move to "supported interactions". It would be an array of FHIR interactions and operations: https://hl7.org/fhir/R4/http.html
For example: // full access (default)
['*'],
// readonly
['read'],
// readonly with history
['read', 'vread', 'history'],
// read with history and search
['read', 'vread', 'history', 'search'],
// read and write, but no delete
['read', 'vread', 'history', 'search', 'update', 'patch'], Is that too granular? Would it be too annoying to list out all operations like that? Or maybe "operations" should be separate? That is the terminology that we use in our That was inspired by
Or, as @mattwiller suggested, we could align with SMART scopes: We define permissions to support the following FHIR REST API interactions:
The main limitation here is that it does not include anything about FHIR operations. Of course, when performing a FHIR Operation, we use the current user's permissions, so we could always defer at that level too. |
Between those options, I would actually prefer aligning to the full set of RESTful interactions codes rather than SMART scopes, since the latter are more subject to change and should map down to the supported operations anyways. The granularity of the operations feels pretty good to me, and I believe it will be critical to have a clear distinction between a user's inherent permissions (i.e. what they are allowed to do per access policies in a given context) and scopes (what a given token is permitted to do on behalf of a user) |
Summary of our discussion offline:
|
User Driven: https://discord.com/channels/905144809105260605/1133436813869064202
This should be part of a broader conversation on the next iteration of AccessPolicies.
There are cases when users want to lock down almost every field, except for a few status fields.
In this case, the user wants to lock down all fields on
ServiceRequest
except forServiceRequest.note
.The text was updated successfully, but these errors were encountered: