Read Access Tag
Axiomatically, nobody is allowed to write FHIR resources (except Task) to the DSF FHIR server unless it is the organization running the instance, which is configurable. By default, the same applies to reading FHIR resources (again except Task). But since the DSF is often used to offer medical data in the form of FHIR resources, other organizations should be allowed to read some of the resources on the DSF FHIR server. The Resource.meta.tag element is used to define access rules for all FHIR resources in the DSF, with the exception of Task resources. For example, allowing read access for all organizations would use the following system and code in your FHIR resource:
<meta>
  <tag>
    <system value="http://dsf.dev/fhir/CodeSystem/read-access-tag" />
    <code value="ALL" />
  </tag>
</meta>
All codes for the Read Access Tag can be found in its CodeSystem.
The read access rules for Task resources are defined through the requester and recipient elements of the dsf-extension-process-authorization in a plugin's ActivityDefinitions. Therefore, no read-access-tag is needed.
It is also possible to restrict read access of FHIR resources to organizations with a specific role in a parent organization or a specific identifier. More information on that can be found in the guide on configuring the Read Access Tag.
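As an added example (not part of the DSF documentation or code base), the following Python script reviews FHIR XML resources before they are published and reports which ones carry the ALL read access tag, which carry a different read-access-tag code, and which carry none. The function names, the result labels and the sample resources are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

FHIR = "{http://hl7.org/fhir}"  # FHIR XML namespace
READ_ACCESS_SYSTEM = "http://dsf.dev/fhir/CodeSystem/read-access-tag"

def read_access_codes(root):
    """Codes from Resource.meta.tag entries that use the read-access-tag system."""
    codes = []
    # Direct child <meta> only: tags on contained resources are not counted here.
    for tag in root.findall(f"{FHIR}meta/{FHIR}tag"):
        system, code = tag.find(f"{FHIR}system"), tag.find(f"{FHIR}code")
        if system is not None and code is not None \
                and system.get("value") == READ_ACCESS_SYSTEM:
            codes.append(code.get("value"))
    return codes

def review(resource_xml):
    """Classify one resource; the labels are hypothetical names for this example."""
    root = ET.fromstring(resource_xml)
    if root.tag == f"{FHIR}Task":
        return "task"  # Task read access comes from process authorization, not tags
    codes = read_access_codes(root)
    if not codes:
        return "untagged"
    # Any read-access-tag code other than ALL is reported as "restricted".
    return "all-organizations" if "ALL" in codes else "restricted"

# Constructed sample resources (not taken from a real DSF instance).
TAGGED_ALL = """<DocumentReference xmlns="http://hl7.org/fhir">
  <meta><tag>
    <system value="http://dsf.dev/fhir/CodeSystem/read-access-tag" />
    <code value="ALL" />
  </tag></meta>
</DocumentReference>"""
OTHER_TAG = """<DocumentReference xmlns="http://hl7.org/fhir">
  <meta><tag>
    <system value="http://example.org/unrelated-tags" />
    <code value="ALL" />
  </tag></meta>
</DocumentReference>"""
TASK = '<Task xmlns="http://hl7.org/fhir"><status value="requested" /></Task>'

if __name__ == "__main__":
    for name, xml in [("TAGGED_ALL", TAGGED_ALL), ("OTHER_TAG", OTHER_TAG), ("TASK", TASK)]:
        print(name, "->", review(xml))
```

The OTHER_TAG sample shows why the system URL must be compared as well as the code: a tag with code ALL under an unrelated system is not a read access tag.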