Access Control in Plugins and Facades¶
The Access Control feature is also available to users of a Firely Server Facade or Firely Server Plugins. You can use the default implementation based on SMART on FHIR, or provide an implementation of your own.
Access control implementation¶
The access control engine is programmed using interfaces for which you can provide your own implementation. Because we think the model behind SMART on FHIR covers many cases, these interfaces are loosely modelled after it. The important interfaces and class are:
|Interface / Class||Description|
|IAuthorization||Defines whether your are allowed to read or write a type of resource.
Abstraction of the concept of a scope (like user/Observation.read) in SMART
|ICompartment||Confines the user to a compartment, expressed as a combination of a
CompartmentDefinition and a search argument.
Abstraction of the concept of a launch context (like patient=123) in SMART
|IReadAuthorizer||Calculates access control for a type of resource given an instance of IAuthorization
|IWriteAuthorizer||Calculates access control for writing a new (version of a) resource given an instance
of IAuthorization and/or ICompartment
|AuthorizationResult||Return value of IReadAuthorizer and IWriteAuthorizer methods.
It expresses whether you are authorized at all, and if so - under which conditions.
These conditions are expressed as search arguments.