microsoft / fhir-server

A service that implements the FHIR standard
MIT License

Enable export for SMART clinical scope : read #3842

Closed feordin closed 3 months ago

feordin commented 5 months ago

Description

This adds an allowed DataAction of Export when a SMART scope of "read" is requested. This change is being made because prior to this it was necessary to grant "write" privileges to a SMART user if they needed export. This was too much privilege for an export request.

Note that there is still another layer of protection before a SMART user could actually initiate an export job. They will need to be a member of the FHIR Export role in RBAC in addition to requesting the "read" SMART clinical scope.

Related issues

Addresses [issue AB#120097].

Testing

Unit tests were updated.

FHIR Team Checklist

Semver Change (docs)

Patch|Skip|Feature|Breaking (reason)

LTA-Thinking commented 4 months ago

Note that there is still another layer of protection before a SMART user could actually initiate an export job. They will need to be a member of the FHIR Export role in RBAC in addition to requesting the "read" SMART clinical scope.

If they still need the RBAC role what value is the SMART role? Wouldn't they be able to export without the SMART role if they had the RBAC role?

feordin commented 4 months ago

Note that there is still another layer of protection before a SMART user could actually initiate an export job. They will need to be a member of the FHIR Export role in RBAC in addition to requesting the "read" SMART clinical scope.

If they still need the RBAC role what value is the SMART role? Wouldn't they be able to export without the SMART role if they had the RBAC role?

It is true that once they are members of the Export role they have export permissions, but if that same user is also a member of the SMART role, the actions they take are then limited by the SMART clinical scopes in their token. Right now, we have to grant write permissions in the SMART clinical scope in order for the user to take advantage of their Export privileges.
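The layering described in the comment above (RBAC role membership first, then a cap from the SMART clinical scopes in the token), as an added example that is not part of this thread or of the fhir-server code base. The role names, the `DataActions` model and the pre-change mapping of `write` to Export are assumptions made for illustration.

```python
from enum import Flag


class DataActions(Flag):  # hypothetical model, not the project's enum
    NONE = 0
    READ = 1
    WRITE = 2
    EXPORT = 4


# Assumed RBAC role definitions (names and contents are illustrative).
ROLES = {
    "smart-user": DataActions.READ | DataActions.WRITE,
    "exporter": DataActions.EXPORT,
}
SMART_ROLE = "smart-user"

# Actions each clinical scope permission unlocks, before and after the change.
# That "write" unlocked Export before the change is inferred from the description.
SCOPE_ACTIONS_BEFORE = {
    "read": DataActions.READ,
    "write": DataActions.WRITE | DataActions.EXPORT,
}
SCOPE_ACTIONS_AFTER = {
    "read": DataActions.READ | DataActions.EXPORT,
    "write": DataActions.WRITE | DataActions.EXPORT,
}


def scope_ceiling(scopes, scope_actions):
    """Union of the actions unlocked by clinical scopes such as 'patient/*.read'."""
    ceiling = DataActions.NONE
    for scope in scopes.split():
        context, _, rest = scope.partition("/")
        if context not in ("patient", "user", "system"):
            continue  # not a clinical scope (openid, launch/patient, ...)
        permission = rest.rpartition(".")[2]
        # Unknown permissions unlock nothing, so the check fails closed.
        ceiling |= scope_actions.get(permission, DataActions.NONE)
    return ceiling


def effective_actions(roles, scopes, scope_actions):
    """RBAC grants first; SMART role members are then capped by token scopes."""
    granted = DataActions.NONE
    for role in roles:
        granted |= ROLES.get(role, DataActions.NONE)
    if SMART_ROLE in roles:
        granted &= scope_ceiling(scopes, scope_actions)
    return granted
```

With the pre-change mapping a user in both roles reaches Export only by requesting `write`, which also unlocks Write; with the post-change mapping `read` is enough, and a SMART user without the Export role still ends up with Read only.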

feordin commented 4 months ago

/azp run

azure-pipelines[bot] commented 4 months ago

Azure Pipelines successfully started running 1 pipeline(s).

feordin commented 3 months ago

/azp run

azure-pipelines[bot] commented 3 months ago

Azure Pipelines successfully started running 1 pipeline(s).