Home

Awesome

fhir-works-on-aws-authz-rbac

This GitHub repository has been migrated. You can now find FHIR Works on AWS at https://github.com/aws-solutions/fhir-works-on-aws.

Purpose

Please visit fhir-works-on-aws-deployment for overall vision of the project and for more context.

This package is an implementation of the authorization interface from the FHIR Works interface. It uses role based access control (RBAC) to limit access to certain resource types and what operations one can do on those resource types. Cognito User Groups are used to determine which roles the user has. The User Group information is passed along in the OAuth access token when a user makes a request to the FHIR API. This means that the user must correctly obtained an access token from Cognito by using scopes of either:

To use and deploy this component (with the other 'out of the box' components) please follow the overall README

Infrastructure

This package assumes certain infrastructure:

Usage

For usage please add this package to your package.json file and install as a dependency. For usage examples please see the deployment component's package.json

Authorization rules

The rules are defined very simply and are in this format:

{
  <name-of-role>: {
    operations: [<array-of-operations-that-can-be-performed>],
    resources: [<array-of-resource-types>]
  }
}

For a working example please see RBACRules.ts in the deployment package

Dependency tree

This package is dependent on:

Known issues

For known issues please track the issues on the GitHub repository

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.