Implementing API RBAC (Role Based Access Control) & Remote Sync ( from the server) for FHIR Core -- Permission Checker #1603
-
lgtm! What is the MANAGE resource Keycloak role?
-
[DRAFT] Proposal for enhanced Keycloak role definition syntax. The current role definition structure is as follows. This works, so this is more of an enhancement to the UX when dealing with and developing role-based functionality. I propose a structure that looks like the following: The upside here will be the ease of creating composite roles. Everything is now in lowercase so that it is not scary to look at. The FHIR resource name should be as it appears in the FHIR spec, i.e. using PascalCase. A trivial advantage is that this could potentially reduce the size of tokens for users with the same roles assigned (inadvertently reducing the size of request packet data that needs to be sent with each authenticated request).
-
Implementing API RBAC (Role Based Access Control) & Remote Sync (from the server) for FHIR Core -- Permission Checker

Context

Permissions Checking (PermissionChecker)

Context

Implementation

How are the permissions created and assigned to a user?

which is a composite of the 4 HTTP-method-related roles.

HTTP_METHOD_RESOURCE_NAME. This will be used to create the roles in Keycloak.

How are the permissions used during authorization checks?

check the permissions of a user before allowing them to access the HAPI FHIR server.

GET https://fhir.labs.smartregister.org/fhir/Patient

authorization header. This is found on the realm_access.roles key.

Patient

GET_PATIENT role.

and a 403 Permissions denied error is returned to the user.

Workflow UML Diagram

Pre-requisites
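The authorization check described above, as an added example that is not part of the discussion or of the FHIR Core / OpenSRP code base: the checker reads realm_access.roles from the bearer token, builds the HTTP_METHOD_RESOURCE_NAME role the request needs (GET /fhir/Patient needs GET_PATIENT), and answers 403 when the role is missing. The composite role name MANAGE_<RESOURCE>, the /fhir base path and the claim layout are assumptions for this example; token signature, issuer and expiry verification are assumed to happen upstream (the example only decodes the payload), and the token itself is constructed inline.

```python
import base64
import json
from urllib.parse import urlparse

# Assumption: the composite role named MANAGE_<RESOURCE> bundles the four
# HTTP-method roles. Keycloak normally flattens composites into
# realm_access.roles, but the checker also accepts the composite name itself.
HTTP_METHODS = ("GET", "POST", "PUT", "DELETE")
COMPOSITE_PREFIX = "MANAGE"
FHIR_BASE_PATH = "/fhir"  # assumed base path of the HAPI FHIR server


def role_name(method: str, resource_type: str) -> str:
    """HTTP_METHOD_RESOURCE_NAME role for a request, e.g. GET + Patient -> GET_PATIENT."""
    return f"{method.upper()}_{resource_type.upper()}"


def composite_role(resource_type: str) -> str:
    """Assumed name of the composite role covering all four methods, e.g. MANAGE_PATIENT."""
    return f"{COMPOSITE_PREFIX}_{resource_type.upper()}"


def resource_type_from_url(url: str, base_path: str = FHIR_BASE_PATH) -> str:
    """First path segment after the FHIR base: /fhir/Patient/123 -> Patient."""
    path = urlparse(url).path
    prefix = base_path.rstrip("/") + "/"
    if not path.startswith(prefix):
        raise ValueError(f"path {path!r} is not under {base_path}")
    return path[len(prefix):].split("/", 1)[0]


def decode_unverified_claims(token: str) -> dict:
    """Decode the JWT payload only. Signature/issuer/expiry checks are assumed
    to have been done upstream; this function must not be used as the sole gate."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def realm_roles(claims: dict) -> set:
    """Roles Keycloak places under the realm_access.roles claim."""
    return set(claims.get("realm_access", {}).get("roles", []))


def check_permission(claims: dict, method: str, resource_type: str) -> tuple:
    """Return (http_status, required_role): 200 when the user holds the
    HTTP-method role or the composite, otherwise 403 (permission denied)."""
    if method.upper() not in HTTP_METHODS:
        return 403, None  # only the four role-backed methods are authorised
    required = role_name(method, resource_type)
    roles = realm_roles(claims)
    if required in roles or composite_role(resource_type) in roles:
        return 200, required
    return 403, required


def authorize_request(authorization_header: str, method: str, url: str) -> int:
    """Gateway-style entry point: read the bearer token from the Authorization
    header and decide whether the request may reach the FHIR server."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 403
    try:
        claims = decode_unverified_claims(token)
        resource_type = resource_type_from_url(url)
    except ValueError:
        return 403
    status, _ = check_permission(claims, method, resource_type)
    return status


def make_unsigned_token(claims: dict) -> str:
    """Constructed demo token with an empty signature segment (test input only)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


if __name__ == "__main__":
    # Constructed sample claims: a user holding only the GET_PATIENT role.
    token = make_unsigned_token({"sub": "demo-user",
                                 "realm_access": {"roles": ["GET_PATIENT"]}})
    url = "https://fhir.labs.smartregister.org/fhir/Patient"
    print("GET   ->", authorize_request(f"Bearer {token}", "GET", url))
    print("POST  ->", authorize_request(f"Bearer {token}", "POST", url))
```

Reading roles from realm_access.roles with a permissive default means a token without that claim is denied rather than crashing the checker, and the composite lookup keeps the policy table to one role per HTTP method per resource.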