Simple Role-Based Access Control
Aidbox provides a role-based access control mechanism based on the roles property of the User resource.
This article demonstrates how to create a user for a practitioner and allow practitioners to read patient data.
See also Role-Based Access Control for a guide on flexible RBAC using the Role resource.
Create a patient
Create a user
Create a user that has the practitioner role.
Create an access policy
Create an access policy which allows practitioners to read patient data.
Note that if you want to allow several request methods in one policy when using the matcho engine, you must use the $one-of notation.
Try it
Log in as user-1.
Read patient data
Aidbox returns the Patient resource.
What's going on here
When you make a request (here, a get on /Patient/pt-1), the Aidbox router stores the request data in the request object:
- the URI /Patient/pt-1 in the uri property;
- the method get in the request-method property;
- the user data in the user property; in particular, user.roles[].value contains the user's roles.
The access policy engine evaluates this request object. Here the policy checks that user.roles[].value contains the string practitioner.
You can inspect the request object using the __debug query parameter.
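The evaluation described above, as an added example that is not part of the original guide and not Aidbox's own code: a small Python re-implementation of the subset of the matcho engine this page relies on ($one-of, $contains and '#'-prefixed regular expressions), run against the same kind of request object the router builds (uri, request-method, user). The policy dict mirrors the guide's access policy, with request-method widened via $one-of to get and post. The users user-1 and user-2, the resource ids and the assumption that a '#' pattern must match the whole value are constructed for this example.

```python
"""Simplified, stand-alone model of how an Aidbox-style matcho AccessPolicy
is evaluated against the request object.  This is an added example, not the
Aidbox engine itself: only the operators used in the guide are implemented.
"""
import re
from typing import Any


def matcho(pattern: Any, value: Any) -> bool:
    """Return True if `value` satisfies `pattern`.

    Rules implemented (a subset of matcho, as assumed for this example):
    - dict pattern: every key of the pattern must match the same key in value
      (extra keys in the value are ignored)
    - {"$one-of": [p1, p2, ...]}: value must match at least one alternative
    - {"$contains": p}: value must be a list with at least one element matching p
    - string starting with '#': regular expression; assumed here to match the
      whole value (re.fullmatch)
    - any other scalar: exact equality
    """
    if isinstance(pattern, dict):
        if "$one-of" in pattern:
            return any(matcho(alt, value) for alt in pattern["$one-of"])
        if "$contains" in pattern:
            return isinstance(value, list) and any(
                matcho(pattern["$contains"], item) for item in value
            )
        if not isinstance(value, dict):
            return False
        # A key missing from the value yields None, which never matches.
        return all(matcho(sub, value.get(key)) for key, sub in pattern.items())
    if isinstance(pattern, str) and pattern.startswith("#"):
        return value is not None and re.fullmatch(pattern[1:], str(value)) is not None
    return pattern == value


# The guide's policy as the dict Aidbox would build from the YAML body.
# '$contains' checks that at least one entry of user.roles has value
# "practitioner"; '$one-of' allows get and post (post covers FHIR search
# submitted as POST) instead of a single request-method value.
PRACTITIONER_READ_PATIENT = {
    "engine": "matcho",
    "matcho": {
        "uri": "#/Patient/.*",
        "request-method": {"$one-of": ["get", "post"]},
        "user": {"roles": {"$contains": {"value": "practitioner"}}},
    },
}

# Constructed users: user-1 has the practitioner role, user-2 does not.
USER_1 = {"id": "user-1", "roles": [{"value": "practitioner"}]}
USER_2 = {"id": "user-2", "roles": [{"value": "nurse"}]}


def build_request(method: str, uri: str, user: dict) -> dict:
    """Mimic the request object the router hands to the policy engine,
    limited to the three properties discussed in the guide."""
    return {"request-method": method.lower(), "uri": uri, "user": user}


def is_allowed(policy: dict, request: dict) -> bool:
    """Evaluate one matcho policy against a request object."""
    if policy.get("engine") != "matcho":
        raise ValueError("this example only evaluates matcho policies")
    return matcho(policy["matcho"], request)


if __name__ == "__main__":
    cases = [
        (USER_1, "GET", "/Patient/pt-1"),        # practitioner reads a patient
        (USER_2, "GET", "/Patient/pt-1"),        # no practitioner role
        (USER_1, "DELETE", "/Patient/pt-1"),     # method not in $one-of
        (USER_1, "GET", "/Observation/ob-1"),    # uri outside the regex
    ]
    for user, method, uri in cases:
        req = build_request(method, uri, user)
        print(f"{user['id']:7} {method:6} {uri:20} -> "
              f"{'allowed' if is_allowed(PRACTITIONER_READ_PATIENT, req) else 'denied'}")
```

Because the engine only checks the properties named in the policy, a policy that omits request-method would permit every method for matching users; listing methods explicitly, with $one-of when more than one is needed, keeps the grant as narrow as the guide intends.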