Since Aidbox version 2412, to enable OrgBAC in , use:

If your Aidbox version is lower or you do not use FHIRSchema mode, use and import aidbox.multitenancy.v1.fhir-r4or aidbox.multitenancy.v1.fhir-r5namespace.

Ensure the hierarchical access control works

Create nested Organization resources

Use Aidbox UI Rest Console to create nested Organization resources.

Root organization

Child organization

Grant-child organization

You should have 3 nested organizations for now

Create resource in the Organization B

Use Aidbox UI Rest Console to create Patient resource in the organization B.

Check access control works

Patient is visible from the Organization above (org-a)

Patient is visible from its Organization (org-b)

Patient is not visible from the nested Organization (org-c)

Configuring AccessPolicies

To allow some user/client to interact with a organization-based resources, AccessPolicy should be configured to check organization id from the https://aidbox.app/tenant-organization-id extension of User/Client resource.

This example allows org-based user (created by PUT /Organization/<org-id>/fhir/User) to see patients that are also created by OrgBAC.