Stream: smart
Topic: fhir users & Role mapping resources
Mounika (Mar 03 2021 at 06:54):
Hi all, Generally for Practitioner of different categories we can assign roles with practitioner-role resource but apart from practitioner other users from, maybe Administrative, IT Department, Managing Teams..... How can we assign roles and resource mapping to search users in fhir server? Can anyone suggest me.
Lloyd McKenzie (Mar 03 2021 at 14:25):
Hi @Mounika I'm not fully understanding your question - and particularly how it's related to SMART on FHIR? Can you explain more, perhaps with some examples? If this isn't related to SMART, it might be best to re-ask your question (with clarifications) on #implementers
Venu Gopal (Apr 14 2021 at 05:11):
@Lloyd McKenzie @Mounika I have a similar question. SMART has launch scopes like patient/Patient.read, user/MedicationStatement.write. This applies to all the resources. The launch scopes act as a safety net at the Resource (API), similar to custom scopes of OAUTH2.0. Some resources like, Medication, ServiceRequest, CarePlan are not be written by everyone, AFAIK. So creating personas and giving them specific scopes would achieve a good amount of Role Based Access Control and streamlined access to the launch scopes and thereby control the resource actions. The standalone application can also customize behavior as per the designated role. It appears it is left for the implementers to decide
Josh Mandel (Apr 14 2021 at 14:24):
You're right that SMART doesn't try to represent the permissions that any given user has; our OAuth scopes provide a delegation mechanism for sharing (a subset of) a user's permissions with a third party app.
Last updated: Apr 12 2022 at 19:14 UTC
