Aidbox User Docs

Access Control in Forms

Form's access control

Last updated 20 days ago

Access control for the Forms module is configured with Aidbox AccessPolicy resources.

SDC Roles Access

The SDC module suggests several roles, which can be used independently or combined.

For development and simple configuration, it is better to use a single role with full access.

  • sdc admin - full access

For production, it is better to have separate roles with more precise access patterns.

For example, we can split users into 3 groups.

  • form designer - creates and manages forms

  • form filler - end user who fills in the form

  • response manager - reviews responses and populates new forms

SDC Admin

Policies:

  • Forms Grid

  • CRUD on all SDC resources (Questionnaire/QuestionnaireResponse/QuestionnaireTheme/SDCConfig/SDCPrintTemplate)

  • CRUD on production resources (Patient/Encounter/Observation resources)

  • all SDC operations

  • terminology related endpoints

| policy | policy description |
|---|---|
| as-sdc-admin-forms-grid-rpc | Forms Grid with forms and responses |
| as-sdc-admin-manage-sdc-resources | Create/Update/Delete resources used in SDC Module |
| as-sdc-admin-manage-production-resources | Create/Update/Delete SDC related resources (Patient/Encounter/Observation/Practitioner) |
| as-sdc-admin-use-sdc-operations | Use all SDC operations |
| as-sdc-admin-use-terminology-operations | Use terminology operations (search concepts, ValueSets) |

as-sdc-admin-forms-grid-rpc policy

Access to:

  • Questionnaires grid

  • Responses grid

PUT /AccessPolicy/as-sdc-admin-forms-grid-rpc
content-type: text/yaml
accept: text/yaml

resourceType: AccessPolicy
id: as-sdc-admin-forms-grid-rpc
type: rpc
engine: matcho-rpc
rpc:
  aidbox.sdc.grid/get-definition:
    user:
      roles:
        $contains:
          value: sdc-admin

  aidbox.sdc.patient/forms-grid:
    user:
      roles:
        $contains:
          value: sdc-admin

  aidbox.sdc.patient/documents-workflows-grid:
    user:
      roles:
        $contains:
          value: sdc-admin

as-sdc-admin-manage-sdc-resources policy

CRUD access to the following resources:

  • Questionnaire

  • QuestionnaireResponse

  • QuestionnaireTheme

  • SDCPrintTemplate

  • SDCConfig

PUT /AccessPolicy/as-sdc-admin-manage-sdc-resources
content-type: text/yaml
accept: text/yaml

id: as-sdc-admin-manage-sdc-resources
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-admin
  uri:
    $one-of:
      - '#/Questionnaire/.*$'
      - '#/Questionnaire$'
      - '#/QuestionnaireResponse/.*$'
      - '#/QuestionnaireResponse$'
      - '#/QuestionnaireTheme/.*$'
      - '#/QuestionnaireTheme$'
      - '#/SDCPrintTemplate/.*$'
      - '#/SDCPrintTemplate$'
      - '#/SDCConfig/.*$'
      - '#/SDCConfig$'
  request-method:
    $one-of:
      - get
      - post
      - put
      - delete
      - patch

as-sdc-admin-manage-production-fhir-resources policy

CRUD access to the following FHIR resources:

  • Patient

  • Encounter

  • Observation

  • Organization

  • Practitioner

These are typical resources that are often used in an SDC flow, but you are free to add your own.

PUT /AccessPolicy/as-sdc-admin-manage-production-fhir-resources
content-type: text/yaml
accept: text/yaml

id: as-sdc-admin-manage-production-fhir-resources
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-admin
  uri:
    $one-of:
      - '#/Patient/.*$'
      - '#/Patient$'
      - '#/Encounter/.*$'
      - '#/Encounter$'
      - '#/Observation/.*$'
      - '#/Observation$'
      - '#/Organization/.*$'
      - '#/Organization$'
      - '#/Practitioner/.*$'
      - '#/Practitioner$'
  request-method:
    $one-of:
      - get
      - post
      - put
      - delete
      - patch

as-sdc-admin-use-sdc-operations policy

PUT /AccessPolicy/as-sdc-admin-use-sdc-operations
content-type: text/yaml
accept: text/yaml

id: as-sdc-admin-use-sdc-operations
resourceType: AccessPolicy
engine: matcho
matcho:
  # Limit these operations to users with the sdc-admin role.
  user:
    roles:
      $contains:
        value: sdc-admin
  uri:
    $one-of:
      - '#\$save'
      - '#\$generate-link'
      - '#\$duplicate'
      - '#\$sdc-config'
      - '#\$process-response'
      - '#\$validate'
      - '#\$extract'
      - '#\$populate'
      - '#\$render'
      - '#\$submit'
      - '#\$usage'
      - '#\$assemble-all'
      - '#\$expand'
      - '#\$validate-response'
      - '#\$populatelink'
      - '#\$sdc-file'
      - '#\$generate-token'
      - '#\$assemble'
      - '#\$sdc-resource-types'
      - '#\$ai-generate-questionnaire'
      - '#\$openai-chat-completions'
      - '#\$sdc-resource-schema'
  request-method:
    $one-of:
      - post
      - get
      - put
      - delete
      - patch

as-sdc-admin-use-terminology-operations policy

Searching for ValueSets and concepts

PUT /AccessPolicy/as-sdc-admin-use-terminology-operations
content-type: text/yaml
accept: text/yaml

id: as-sdc-admin-use-terminology-operations
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-admin
  uri: 
    $one-of:
      - '#/ValueSet$'
      - '#/ValueSet/\$expand$'
  request-method:
    $one-of:
      - get
      - post

Form Designer

This role gives access to:

  • Forms Grid

  • Form Builder

  • Patient and Encounter resources for populate purposes

Policies:

| policy | policy description |
|---|---|
| as-sdc-form-designer-forms-grid-rpc | use forms grid |
| as-sdc-form-designer-read-config | read SDCConfig |
| as-sdc-form-designer-manage-themes | manage themes |
| as-sdc-form-designer-manage-questionnaire | Create/Read/Update/Delete Questionnaire |
| as-sdc-form-designer-populate-questionnaire | validate Questionnaire + QuestionnaireResponse |
| as-sdc-form-designer-extract-questionnaire | populate Questionnaire (+ search patient & encounter) |
| as-sdc-form-designer-validate-questionnaire-and-response | extract QuestionnaireResponse |
| as-sdc-form-designer-search-valueset | search for valuesets |
| as-sdc-form-designer-search-concepts | search for concepts |
| as-sdc-form-designer-use-ai-tools | use AI tools |
| as-sdc-form-designer-get-fhir-metadata | Get FHIR metadata to support Template resource editor |

as-sdc-form-designer-forms-grid-rpc policy

grid with Questionnaires

PUT /AccessPolicy/as-sdc-form-designer-forms-grid-rpc
content-type: text/yaml
accept: text/yaml

resourceType: AccessPolicy
id: as-sdc-form-designer-forms-grid-rpc
type: rpc
engine: matcho-rpc
rpc:
  aidbox.sdc.grid/get-definition:
    user:
      roles:
        $contains:
          value: sdc-form-designer

  aidbox.sdc.patient/forms-grid:
    user:
      roles:
        $contains:
          value: sdc-form-designer

as-sdc-form-designer-read-config policy

Access to configuration

PUT /AccessPolicy/as-sdc-form-designer-read-config
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-read-config
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: '/$sdc-config'
  request-method: post

as-sdc-form-designer-manage-questionnaire policy

All operations for managing and retrieving Questionnaire

PUT /AccessPolicy/as-sdc-form-designer-manage-questionnaire
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-manage-questionnaire
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: 
    $one-of:
    - '#/Questionnaire$'
    - '#/Questionnaire/.*$'
    - '#/Questionnaire/\$save'
    - '#/Questionnaire/.*/\$usage'
    - '#/Questionnaire/.*/\$duplicate'
  request-method: 
    $one-of:
      - get
      - post
      - put
      - delete

as-sdc-form-designer-search-response policy

Searching for QuestionnaireResponses

Used for checking Questionnaire usage

PUT /AccessPolicy/as-sdc-form-designer-search-response
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-search-response
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: '#/QuestionnaireResponse$'
  request-method: get

as-sdc-form-designer-validate-questionnaire-and-response policy

Validate Questionnaire and QuestionnaireResponse

PUT /AccessPolicy/as-sdc-form-designer-validate-questionnaire-and-response
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-validate-questionnaire-and-response
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: 
    $one-of:
      - '#/Questionnaire/\$validate'
      - '#/QuestionnaireResponse/\$validate'
  request-method: post

as-sdc-form-designer-manage-themes policy

Retrieve and manage Questionnaire themes

PUT /AccessPolicy/as-sdc-form-designer-manage-themes
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-manage-themes
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: 
    $one-of: 
      - '#/QuestionnaireTheme$'
      - '#/QuestionnaireTheme/.*'
  request-method: 
    $one-of: 
      - get
      - post
      - put
      - delete

as-sdc-form-designer-search-patient-and-encounter-for-populate policy

Search for Patient and Encounter

Used for populate debug console

PUT /AccessPolicy/as-sdc-form-designer-search-patient-and-encounter-for-populate
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-search-patient-and-encounter-for-populate
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: 
    $one-of: 
      - '#/Encounter$'
      - '#/Patient$'
  request-method: get

as-sdc-form-designer-populate-questionnaire policy

Test populate in debug console

PUT /AccessPolicy/as-sdc-form-designer-populate-questionnaire
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-populate-questionnaire
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: '#/Questionnaire/\$populate$'
  request-method: post

as-sdc-form-designer-extract-questionnaire policy

Test extraction in Debug console

PUT /AccessPolicy/as-sdc-form-designer-extract-questionnaire
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-extract-questionnaire
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: '#/QuestionnaireResponse/\$extract$'
  request-method: post

as-sdc-form-designer-search-valueset policy

Search for valuesets

PUT /AccessPolicy/as-sdc-form-designer-search-valueset
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-search-valueset
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: '#/ValueSet$'
  request-method: get

as-sdc-form-designer-search-concepts policy

Search for concepts

Used for importing concepts

PUT /AccessPolicy/as-sdc-form-designer-search-concepts
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-search-concepts
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: '#/ValueSet/\$expand$'
  request-method: 
    $one-of:
      - get
      - post

as-sdc-form-designer-use-ai-tools policy

Generate Questionnaire from PDF

PUT /AccessPolicy/as-sdc-form-designer-use-ai-tools
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-use-ai-tools
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: 
    $one-of:
    - '/$ai-generate-questionnaire'
    - '/$openai-chat-completions'
  request-method: post

as-sdc-form-designer-get-fhir-metadata policy

Get FHIR metadata about Resources and their schemas

PUT /AccessPolicy/as-sdc-form-designer-get-fhir-metadata
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-designer-get-fhir-metadata
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-designer
  uri: 
    $one-of:
    - '#\$sdc-resource-types'
    - '#\$sdc-resource-schema'
  request-method: get

Form Filler

The Form Filler role can load a Questionnaire and QuestionnaireResponse, fill it in, and submit it.

| policy | policy description |
| --- | --- |
| as-sdc-form-filler-read-config | Read SDCConfig |
| as-sdc-form-filler-read-questionnaire | Read Questionnaire and use it for rendering |
| as-sdc-form-filler-read-response | Read saved response and render it |
| as-sdc-form-filler-save-response | Save changed response |
| as-sdc-form-filler-submit-response | Submit response |
| as-sdc-form-filler-search-concepts | Search terminology concepts |

as-sdc-form-filler-read-config policy

Read configuration

PUT /AccessPolicy/as-sdc-form-filler-read-config
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-filler-read-config
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-filler
  uri: '/$sdc-config'
  request-method: post

as-sdc-form-filler-read-response policy

Read QuestionnaireResponse

PUT /AccessPolicy/as-sdc-form-filler-read-response
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-filler-read-response
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-filler
  uri: '#/QuestionnaireResponse/.*'
  request-method: get

as-sdc-form-filler-read-questionnaire policy

Read Questionnaire

PUT /AccessPolicy/as-sdc-form-filler-read-questionnaire
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-filler-read-questionnaire
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-filler
  uri: '#/Questionnaire/$'
  request-method: get

as-sdc-form-filler-save-response policy

Save QuestionnaireResponse

PUT /AccessPolicy/as-sdc-form-filler-save-response
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-filler-save-response
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-filler
  uri: '#/QuestionnaireResponse/\$save'
  request-method:  post

as-sdc-form-filler-submit-response policy

Submit QuestionnaireResponse

PUT /AccessPolicy/as-sdc-form-filler-submit-response
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-filler-submit-response
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-filler
  uri: '#/QuestionnaireResponse/\$submit'
  request-method:  post

as-sdc-form-filler-search-concepts policy

Search for concepts

Used in choice items with attached valueset

PUT /AccessPolicy/as-sdc-form-filler-search-concepts
content-type: text/yaml
accept: text/yaml

id: as-sdc-form-filler-search-concepts
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-form-filler
  uri: '#/ValueSet/\$expand'
  request-method: 
    $one-of:
       - post
       - get

Response Manager

The Response Manager role has access to:

  • Forms grid

  • Responses grid

  • Read responses

  • Questionnaire population

  • Shared link generation

| policy | policy description |
| --- | --- |
| as-sdc-response-manager-forms-grid-rpc | Forms grid with forms and responses |
| as-sdc-response-manager-search-config | Search SDCConfigs before populate |
| as-sdc-response-manager-read-config | Read SDCConfig |
| as-sdc-response-manager-search-and-read-theme | Search and Read QuestionnaireTheme |
| as-sdc-response-manager-read-questionnaire | Read Questionnaire for opening forms |
| as-sdc-response-manager-read-response | Read QuestionnaireResponse for looking into responses |
| as-sdc-response-manager-search-patient-and-encounter | Search for Encounters and Patients |
| as-sdc-response-manager-populate-questionnaire | Create new empty/prefilled responses |
| as-sdc-response-manager-generate-link | Create access link for response |

as-sdc-response-manager-forms-grid-rpc policy

Forms grid with

  • Questionnaires

  • QuestionnaireResponses

PUT /AccessPolicy/as-sdc-response-manager-forms-grid-rpc
content-type: text/yaml
accept: text/yaml

resourceType: AccessPolicy
id: as-sdc-response-manager-forms-grid-rpc
type: rpc
engine: matcho-rpc
rpc:
 aidbox.sdc.grid/get-definition:
   user:
     roles:
       $contains:
         value: sdc-response-manager 
         
 aidbox.sdc.patient/forms-grid:
   user:
     roles:
       $contains:
         value: sdc-response-manager

 aidbox.sdc.patient/documents-workflows-grid:
   user:
     roles:
       $contains:
         value: sdc-response-manager

as-sdc-response-manager-search-config policy

Search for SDCConfigs

Used for choosing config in 'share' (populatelink) UI

PUT /AccessPolicy/as-sdc-response-manager-search-config
content-type: text/yaml
accept: text/yaml

id: as-sdc-response-manager-search-config
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-response-manager
  uri: '#/SDCConfig$'
  request-method: get

as-sdc-response-manager-read-config policy

Read configuration

PUT /AccessPolicy/as-sdc-response-manager-read-config
content-type: text/yaml
accept: text/yaml

id: as-sdc-response-manager-read-config
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-response-manager
  uri: '/$sdc-config'
  request-method: post

as-sdc-response-manager-search-and-read-theme policy

Search and read theme

Used for choosing theme in 'share' (populatelink) UI

PUT /AccessPolicy/as-sdc-response-manager-search-and-read-theme
content-type: text/yaml
accept: text/yaml

id: as-sdc-response-manager-search-and-read-theme
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-response-manager
  uri: 
    $one-of: 
      - '#/QuestionnaireTheme$'
      - '#/QuestionnaireTheme/.*'
  request-method: get

as-sdc-response-manager-search-and-read-questionnaire policy

Search and read Questionnaires

PUT /AccessPolicy/as-sdc-response-manager-search-and-read-questionnaire
content-type: text/yaml
accept: text/yaml

id: as-sdc-response-manager-search-and-read-questionnaire
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-response-manager
  uri: 
    $one-of:
    - '#/Questionnaire$' 
    - '#/Questionnaire/.*$'
  request-method: get

as-sdc-response-manager-search-and-read-response policy

Search and read responses

PUT /AccessPolicy/as-sdc-response-manager-search-and-read-response
content-type: text/yaml
accept: text/yaml

id: as-sdc-response-manager-search-and-read-response
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-response-manager
  uri: 
    $one-of:
    - '#/QuestionnaireResponse' 
    - '#/QuestionnaireResponse/.*$'
  request-method: get

as-sdc-response-manager-search-patient-and-encounter policy

Search and read

  • Patient

  • Encounter

Used for choosing patient and encounter in 'share' (populatelink) UI

PUT /AccessPolicy/as-sdc-response-manager-search-patient-and-encounter
content-type: text/yaml
accept: text/yaml

id: as-sdc-response-manager-search-patient-and-encounter
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-response-manager
  uri: 
    $one-of:
    - '#/Encounter$' 
    - '#/Patient$'
  request-method: get

as-sdc-response-manager-populate-questionnaire policy

Populate questionnaire (from 'share' UI)

PUT /AccessPolicy/as-sdc-response-manager-populate-questionnaire
content-type: text/yaml
accept: text/yaml

id: as-sdc-response-manager-populate-questionnaire
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-response-manager
  uri: '#/Questionnaire/.*/\$populatelink$'
  request-method: post

as-sdc-response-manager-generate-link policy

Generate access links for responses

PUT /AccessPolicy/as-sdc-response-manager-generate-link
content-type: text/yaml
accept: text/yaml

id: as-sdc-response-manager-generate-link
resourceType: AccessPolicy
engine: matcho
matcho:
  user:
    roles:
      $contains:
        value: sdc-response-manager
  uri: '#/QuestionnaireResponse/.*/\$generate-link$'
  request-method: post

Test access policies

Examples of users with roles:

  • sdc admin

  • form designer

  • form filler

  • response manager

  • response manager + form filler

Roles can be combined on a single user.

SDC Admin

POST /User
content-type: text/yaml
accept: text/yaml

resourceType: User
id: sdc-admin-user
password: password
roles: 
  - value: sdc-admin

Form Designer

POST /User
content-type: text/yaml
accept: text/yaml

resourceType: User
id: form-designer-user
password: password
roles: 
  - value: sdc-form-designer

Form Filler

POST /User
content-type: text/yaml
accept: text/yaml

resourceType: User
id: form-filler-user
password: password
roles: 
  - value: sdc-form-filler

Response Manager

POST /User
content-type: text/yaml
accept: text/yaml

resourceType: User
id: response-manager-user
password: password
roles: 
  - value: sdc-response-manager

Mix roles (Form Filler + Response Manager)

POST /User
content-type: text/yaml
accept: text/yaml

resourceType: User
id: form-user
password: password
roles: 
  - value: sdc-response-manager
  - value: sdc-form-filler
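
An offline check of how the policies above combine, added here as an example and not part of the Aidbox documentation or code: it copies a few uri patterns from this page and reports which policies admit a request for a given set of roles. It assumes a '#'-prefixed value is a regular expression applied as an unanchored search and any other value is an exact string; the function names and the sample ids q1 and r1 are made up for the example.

```python
import re

# (policy id, required role, methods, uri patterns), copied from this page.
POLICIES = [
    ("as-sdc-form-filler-read-questionnaire", "sdc-form-filler", {"get"},
     ["#/Questionnaire/$"]),
    ("as-sdc-form-filler-read-response", "sdc-form-filler", {"get"},
     ["#/QuestionnaireResponse/.*"]),
    ("as-sdc-form-filler-save-response", "sdc-form-filler", {"post"},
     [r"#/QuestionnaireResponse/\$save"]),
    ("as-sdc-response-manager-search-and-read-response", "sdc-response-manager",
     {"get"}, ["#/QuestionnaireResponse", "#/QuestionnaireResponse/.*$"]),
    ("as-sdc-response-manager-generate-link", "sdc-response-manager", {"post"},
     [r"#/QuestionnaireResponse/.*/\$generate-link$"]),
    ("as-sdc-response-manager-read-config", "sdc-response-manager", {"post"},
     ["/$sdc-config"]),
]

def uri_matches(pattern, uri):
    # ASSUMPTION: '#...' is a regex applied as an unanchored search and any
    # other string must equal the URI exactly. Confirm on your Aidbox version.
    if pattern.startswith("#"):
        return re.search(pattern[1:], uri) is not None
    return pattern == uri

def allowed_by(roles, method, uri):
    """Ids of the listed policies that admit a request from a user holding `roles`."""
    return [pid for pid, role, methods, patterns in POLICIES
            if role in roles and method in methods
            and any(uri_matches(p, uri) for p in patterns)]

def open_ended(pattern):
    """True for a regex pattern that does not end in an unescaped '$'."""
    if not pattern.startswith("#"):
        return False
    return not pattern.endswith("$") or pattern.endswith(r"\$")

if __name__ == "__main__":
    # Constructed sample requests; q1 and r1 are placeholder ids.
    link = "/QuestionnaireResponse/r1/$generate-link"
    both = {"sdc-form-filler", "sdc-response-manager"}
    samples = [({"sdc-form-filler"}, "get", "/Questionnaire/q1"),
               ({"sdc-form-filler"}, "get", "/QuestionnaireResponse/r1"),
               ({"sdc-form-filler"}, "post", link), (both, "post", link)]
    for roles, method, uri in samples:
        hits = allowed_by(roles, method, uri)
        print(sorted(roles), method.upper(), uri, "->", hits or "no listed policy")
    for pid, _, _, patterns in POLICIES:
        print(pid, "open-ended:", [p for p in patterns if open_ended(p)])
```

Rerun it after editing a pattern to see whether a request you expect to be refused is still admitted. The authoritative check remains a request against a live instance, signed in as one of the users created above.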
ACL engine