RBAC - Role-based access control
Role-based access control (RBAC) is a policy-neutral access-control mechanism defined around roles and privileges. The components of RBAC, such as role-permission, user-role and role-role relationships, make it simple to perform user assignments. In our case: what should the CHW or CHSS be able to do: create, read, update and/or delete (soft delete)?
Open Questions
How do we intend to implement RBAC on FHIR Core?
What are some of the use cases where we intend to implement this?
What are the code and no-code pieces (configs) of this?
In the above example we try to figure out who has the ability to view/create new resources, and how that will affect the sync of data from the HAPI FHIR Server to the app based on configs and assigned permissions.
Cool, thanks for starting this discussion. A couple of initial thoughts:
Let's distinguish between what's needed for RBAC on the client and on the server. RBAC on the server is the essential piece from a security perspective: it will ensure the data stores are receiving and sending the appropriate information. But without RBAC on the client it'll lead to some frustrating situations for the user; for example, they might create a bunch of data but then not be able to up-sync it because they don't have write permission. There's also the inverse problem if we implemented RBAC on the client but not on the server: the user wouldn't be able to create the records on the client (so from their perspective this would be fine), but if they were sophisticated they could hit the API with the data they would have created on the client.
Concerning code/config, we can think of this as: what code will we need to write so that configs will be able to accomplish the user's goals? An MVP that only allows the user coarse-grained definition through the configs, like supervisor or not, is fine if that's all we know we need.
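The client/server split described in the reply above, as an added example that is not part of the discussion and not FHIR Core or HAPI FHIR project code. One role-permission config (a constructed format; the role names `chw`/`chss`, the resource types and the request shape are all assumptions for illustration) is loaded by both sides. The server is the enforcing side and takes the role from the authenticated session, never from anything the client asserts; the client uses the same config only to avoid offering actions whose results could never be up-synced, and the server also uses it to decide which resource types to down-sync.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed example config (not the project's config format): role ->
# FHIR resource type -> allowed actions. "delete" is the soft delete the
# discussion refers to. Both server and client load this so the two sides
# agree; only the server's copy is security-relevant.
ROLE_PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "chw": {
        "Patient": {"create", "read", "update"},
        "Observation": {"create", "read"},
    },
    "chss": {
        "Patient": {"create", "read", "update", "delete"},
        "Observation": {"create", "read", "update", "delete"},
        "Task": {"read", "update"},
    },
}

ACTIONS = {"create", "read", "update", "delete"}
METHOD_TO_ACTION = {"POST": "create", "GET": "read", "PUT": "update", "DELETE": "delete"}


def is_allowed(role: str, resource_type: str, action: str) -> bool:
    """Single decision function shared by client and server; denies by default
    for unknown roles and resource types."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    return action in ROLE_PERMISSIONS.get(role, {}).get(resource_type, set())


@dataclass
class Request:
    """A FHIR REST call as the server sees it (constructed shape)."""
    method: str
    resource_type: str
    claimed_role: Optional[str] = None  # whatever the client asserts about itself; ignored


def server_authorize(session_role: str, req: Request) -> int:
    """Server-side check. The role comes from the authenticated session (e.g. a
    verified token), not from the request body or any client-controlled header,
    so a direct API call gets the same answer as the app. Returns an HTTP-style
    status code."""
    action = METHOD_TO_ACTION.get(req.method)
    if action is None:
        return 405
    if not is_allowed(session_role, req.resource_type, action):
        return 403
    return 200


def server_download_filter(session_role: str, resource_types: List[str]) -> List[str]:
    """Down-sync: only send the resource types the role may read."""
    return [rt for rt in resource_types if is_allowed(session_role, rt, "read")]


def client_should_offer(role: str, resource_type: str, action: str) -> bool:
    """Client-side check: same config, used to hide UI actions so the user never
    queues data the server will refuse. A UX measure, not a security boundary."""
    return is_allowed(role, resource_type, action)


def upsync(session_role: str, queued: List[Request]) -> Tuple[int, int]:
    """Simulate pushing queued local changes; returns (accepted, rejected).
    Anything rejected here is exactly what a client-side pre-check would have
    prevented the user from creating in the first place."""
    accepted = rejected = 0
    for req in queued:
        if server_authorize(session_role, req) == 200:
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


if __name__ == "__main__":
    # A CHW queued a new Patient (allowed) and an Observation update (not allowed).
    queued = [Request("POST", "Patient"), Request("PUT", "Observation")]
    print("chw up-sync (accepted, rejected):", upsync("chw", queued))
    print("chw down-sync types:", server_download_filter("chw", ["Patient", "Observation", "Task"]))
```

Two design points the snippet is built around: `is_allowed` is one function, so client and server cannot drift apart when the config changes; and `server_authorize` never reads `claimed_role`, which is what makes the "sophisticated user hits the API directly" case a non-issue for the data store.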