CSCfi / rems

Resource Entitlement Management System is a tool for managing access rights to resources, such as research datasets.
MIT License

Fine-grained entitlements #775

Open mikael-linden opened 5 years ago

mikael-linden commented 5 years ago

REMS needs to allow an Applicant to apply for permissions to resources that are more fine-grained than the current atomic "resource" (such as a dataset). For instance, applicants want to get access to the attributes BMI, sex, age and genotype for those samples where the patient has a diagnosis of diabetes and has consented to the use of their samples for non-profit research (SELECT bmi, sex, birth-year, genotype FROM dabase WHERE diagnosis=diabetes AND consent=non-profit-research). This then needs to be expressed in the entitlement that REMS produces.

opqdonut commented 4 years ago

Not sure how REMS can help here. You can always have a field (free text? multiselect?) in the application form for the applicant to select columns/filters/tables/...

Additionally, we could implement a free text field for the entitlement, filled in by the handler. This would then be available via the entitlement API.

mikael-linden commented 4 years ago

REMS can help by extending the current binary model (user has entitlement to an object: yes/no) to a more sophisticated entitlement model which has the power to express the "SQL query like" entitlements described above. Free text (filled in by the handler) is not enough, as the entitlement must be machine-readable so it can be enforced programmatically (for instance, by the cloud environment where the user uses their entitlement to access data).
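A sketch of what programmatic enforcement of such an entitlement could look like on the data environment's side, added here as an example; it is not REMS code and not written by anyone in this thread. The JSON schema, the field names (`user`, `resource`, `columns`, `row_filter`), the user id, the table name `database` and the sample rows are all hypothetical.

```python
import json

# Constructed entitlement mirroring the query in the issue; the schema is hypothetical.
ENTITLEMENT_JSON = """{
  "user": "applicant-1", "resource": "database",
  "columns": ["bmi", "sex", "birth-year", "genotype"],
  "row_filter": {"diagnosis": "diabetes", "consent": "non-profit-research"}
}"""
# Constructed sample rows; "postcode" is a column the entitlement does not cover.
ROWS = [
    {"bmi": 31.2, "sex": "F", "birth-year": 1961, "genotype": "AA",
     "diagnosis": "diabetes", "consent": "non-profit-research", "postcode": "00100"},
    {"bmi": 24.0, "sex": "M", "birth-year": 1975, "genotype": "AG",
     "diagnosis": "diabetes", "consent": "no-research", "postcode": "00200"},
]

def load_entitlement(text):
    """Parse the entitlement and fail closed if a required field is absent."""
    ent = json.loads(text)
    missing = [k for k in ("user", "resource", "columns", "row_filter") if k not in ent]
    if missing or not ent["columns"]:
        raise ValueError(f"incomplete entitlement, missing: {missing}")
    return ent

def authorize(ent, user, resource, columns, filters):
    """Return (allowed, reason); a request passes only if it is no broader than the entitlement."""
    if (user, resource) != (ent["user"], ent["resource"]):
        return False, "user or resource not covered"
    extra = set(columns) - set(ent["columns"])
    if not columns or extra:
        return False, f"columns not entitled: {sorted(extra)}"
    # Every mandated row condition must be present with the exact entitled value.
    for col, val in ent["row_filter"].items():
        if filters.get(col) != val:
            return False, f"row filter on {col!r} missing or changed"
    # Extra conditions may narrow the result, but only on columns the user may see;
    # filtering on any other column would reveal its values indirectly.
    hidden = set(filters) - set(ent["columns"]) - set(ent["row_filter"])
    if hidden:
        return False, f"filter on non-entitled columns: {sorted(hidden)}"
    return True, "ok"

def select(ent, user, rows, columns, filters):
    """Check the request, then keep matching rows and project the requested columns."""
    allowed, reason = authorize(ent, user, ent["resource"], columns, filters)
    if not allowed:
        raise PermissionError(reason)
    return [{c: r[c] for c in columns} for r in rows
            if all(r.get(k) == v for k, v in filters.items())]
```

The check treats the entitlement as an upper bound: a request may ask for fewer columns or add narrowing conditions, but it can never drop a mandated row condition or touch a column outside the entitled set.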