dorset-ics / healthcare-data-exchange

A FHIR based integration and interoperability platform to support a regional healthcare network.
https://dorset-ics.github.io/healthcare-data-exchange/
MIT License

Create authorization framework #44

Open shiranr opened 2 months ago

shiranr commented 2 months ago

We currently have only a full authentication system, and authorization is not implemented. There are currently 2 roles which are being used:

  1. DataProvider
  2. DataAdministrator

There needs to be a mapping for the different personas (users) of the system, and an authorization mechanism needs to be created around it.

The current status of the system contains the APIs of:

  1. _health - open API for everyone.
  2. FHIR APIs - should be restricted:
    • Patient, Organizations etc.
    • Ingest
  3. Internal APIs - internal/run/ods - should be restricted with a special use case for internal admin commands
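
An added sketch (not code from the issue or the project) of a deny-by-default check over the route groups listed above, including the case where a path under the open `_health` route is used to reach a restricted one. The role-to-route mapping, the `ingest` segment and the helper names are assumptions; the issue leaves the mapping undecided.

```python
from posixpath import normpath
from urllib.parse import unquote

# Roles named in the issue.
DATA_PROVIDER = "DataProvider"
DATA_ADMINISTRATOR = "DataAdministrator"
ANY_ROLE = frozenset({DATA_PROVIDER, DATA_ADMINISTRATOR})

# ASSUMED mapping (the issue does not decide it): first path segment -> roles.
# Empty set = open route. A segment missing from the table is denied.
POLICY = {
    "_health": frozenset(),                       # open to everyone
    "internal": frozenset({DATA_ADMINISTRATOR}),  # e.g. internal/run/ods
    "Patient": ANY_ROLE,                          # FHIR resource routes
    "Organization": ANY_ROLE,
    "ingest": ANY_ROLE,                           # hypothetical segment name
}


def canonical_segments(raw_path):
    """Decode and normalise once so the check sees the path the router will."""
    path = unquote(raw_path.split("?", 1)[0])
    if "%" in path or "\\" in path:
        return None  # still encoded after one decode, or backslash: reject
    return [s for s in normpath("/" + path).split("/") if s]


def is_allowed(raw_path, caller_roles):
    """Return True only if the policy table explicitly permits the request."""
    segments = canonical_segments(raw_path)
    if not segments:
        return False
    required = POLICY.get(segments[0])
    if required is None:
        return False  # unknown route: deny by default
    if not required:
        return True  # open route such as _health
    return bool(required & set(caller_roles))


if __name__ == "__main__":
    # Constructed sample requests: (path, roles on the caller's token).
    for path, roles in [
        ("/_health", []),
        ("/internal/run/ods", [DATA_PROVIDER]),
        ("/internal/run/ods", [DATA_ADMINISTRATOR]),
        ("/_health/%2e%2e/internal/run/ods", []),
    ]:
        print(path, roles, "->", is_allowed(path, roles))
```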

johncollinson2001 commented 1 month ago

Hi @shiranr

I think we currently have some basic AuthZ:

Is the requirement at this time for an additional role for DataAdministrator, which has access to the internal API endpoints to execute the background services?