How to enable hierarchical access control
This guide explains how to enable multi-tenancy on Organization resources.
You should have Docker and Docker Compose installed before going further. To install them, follow the instructions.
To get the Aidbox License:
- 1.
- 2. Log in to the portal
- 3. Create a new self-hosted Aidbox License or use a license that you already have
Aidbox is configured by Aidbox Configuration Projects. To create a sample project, run the command below for your FHIR version.
FHIR R4
git clone \
  --branch=main \
  --depth=1 \
  https://github.com/Aidbox/aidbox-project-template.git \
  aidbox-project && \
  cd aidbox-project && \
  rm -rf .git
FHIR R5
git clone \
  --branch=fhir-r5 \
  --depth=1 \
  https://github.com/Aidbox/aidbox-project-template.git \
  aidbox-project && \
  cd aidbox-project && \
  rm -rf .git
Populate the .env file with the Aidbox License.
.env
AIDBOX_LICENSE=YOUR_AIDBOX_LICENSE_KEY
...
To enable hierarchical access control (multi-tenancy on Organization resources), add the necessary imports to the zrc/main.edn file.
FHIR R4
Add aidbox.multitenancy.v1.fhir-r4 to the import section.
zrc/main.edn
{ns main
 import #{aidbox
          aidbox.multitenancy.v1.fhir-r4 ;; import multitenancy
          config}

 box
 {:zen/tags #{aidbox/system}
  :config   config/base-config
  :services {:admin-user-seed  config/admin-user-seed
             :root-client-seed config/root-client-seed}}}
FHIR R5
Add aidbox.multitenancy.v1.fhir-r5 to the import section.
zrc/main.edn
{ns main
 import #{aidbox
          aidbox.multitenancy.v1.fhir-r5 ;; import multitenancy
          config}

 box
 {:zen/tags #{aidbox/system}
  :config   config/base-config
  :services {:admin-user-seed  config/admin-user-seed
             :root-client-seed config/root-client-seed}}}
To start Aidbox, run the command in the aidbox-project directory.
docker compose up --force-recreate
When Aidbox starts, navigate to http://localhost:8888 and sign in to the Aidbox UI using the credentials admin / password.
Use the Aidbox UI REST Console to create nested Organization resources. Each request below is preceded by its expected response status.
status: 201 (created)
PUT /fhir/Organization/org-a

status: 201 (created)
PUT /fhir/Organization/org-b

partOf:
  resourceType: Organization
  id: org-a

status: 201 (created)
PUT /fhir/Organization/org-c

partOf:
  resourceType: Organization
  id: org-b

You should now have 3 nested organizations:
org-a
└── org-b
    └── org-c
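Use the Aidbox UI REST Console to create a Patient resource in organization B, then read it through each organization's path. The patient is readable through org-b and its parent org-a; the request through the child org-c is rejected with 403.

status: 201 (created)
PUT /Organization/org-b/fhir/Patient/pt-1

status: 200
GET /Organization/org-a/fhir/Patient/pt-1

status: 200
GET /Organization/org-b/fhir/Patient/pt-1

status: 403
GET /Organization/org-c/fhir/Patient/pt-1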
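
The access pattern shown by the responses above can be turned into a tenant-isolation regression check. This is an added example, not Aidbox code: the rule it encodes (a read succeeds through the owning organization or any of its ancestors) is an assumption inferred from the statuses on this page, and the names PART_OF, OWNER, expected_status, isolation_failures and the fetch_status callback are hypothetical.

```python
# Constructed from this page: child -> parent, as set by Organization.partOf.
PART_OF = {"org-a": None, "org-b": "org-a", "org-c": "org-b"}
# Constructed from this page: resource -> organization whose path created it.
OWNER = {"Patient/pt-1": "org-b"}


def ancestors_and_self(org, part_of):
    """Return org and every organization above it, refusing partOf cycles."""
    chain = []
    while org is not None:
        if org not in part_of:
            raise KeyError(f"unknown organization: {org}")
        if org in chain:
            raise ValueError(f"partOf cycle at {org}")
        chain.append(org)
        org = part_of[org]
    return chain


def expected_status(via_org, resource, part_of=PART_OF, owner=OWNER):
    """Status expected for GET /Organization/<via_org>/fhir/<resource>.

    Assumption inferred from the responses on this page: the read succeeds
    when via_org is the owning organization or one of its ancestors.
    """
    allowed = ancestors_and_self(owner[resource], part_of)
    return 200 if via_org in allowed else 403


def isolation_failures(fetch_status, part_of=PART_OF, owner=OWNER):
    """Compare observed statuses with the model.

    fetch_status(path) -> int is supplied by the caller, for example a
    wrapper around an authenticated HTTP GET against a test instance.
    """
    failures = []
    for resource in owner:
        for org in part_of:
            path = f"/Organization/{org}/fhir/{resource}"
            want = expected_status(org, resource, part_of, owner)
            got = fetch_status(path)
            if got != want:
                failures.append((path, want, got))
    return failures


if __name__ == "__main__":
    for org in PART_OF:
        print(org, expected_status(org, "Patient/pt-1"))
```

Any tuple returned by isolation_failures where the expected status is 403 and the observed status is 200 indicates a cross-tenant read that should be investigated before the configuration is used with real data.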