Role-Based Access Control (/RBAC)

Last updated 11 days ago

Was this helpful?

Aidbox provides a role-based access control mechanism based on access policies and User resource.

Create a user

Create a user containing practitioner role.

Create an access policy that allows practitioners to read patients' data.

Please note that if you like to add multiple request methods when using matcho engine you should use $one-of notation:

Click "Logout" in the AidboxUI navigation. Log in using user-1 credentials (user-1 /password).

Aidbox will return you a Patient resource.

When you make a query

Aidbox router stores data in the request object:

Uri /Patient/pt-1 in the uri property.
Method get in the request-method property.
User data in user property. In particular user.roles[].value contains user roles.

Access policy engine evaluates request object. And here it checks that user.roles[].value property contains practitioner string.

Last updated 11 days ago

Was this helpful?