Roles
A Role defines an access policy that can be assigned to any number of Developers, Users, and M2M Clients.
For example, you might have a role named "providers" which you give to all of the doctor Users who use your EHR app:
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "providers",
  "description": "Grants permission to read and search all FHIR resources, and CRUD Encounters and Observations.",
  "accessPolicy": {
    "rule": [
      {
        "resource": ["FHIR:*"],
        "action": ["FHIR:Read", "FHIR:Search"],
        "effect": "Allow"
      },
      {
        "resource": ["FHIR:Encounter:*", "FHIR:Observation:*"],
        "action": ["FHIR:*"],
        "effect": "Allow"
      }
    ]
  }
}
Using Roles
Creating a Role
To get started with Roles, create one using the Developer Console, the SDK, or the API endpoint:
import zapehr from '@zapehr/sdk';

// Authenticate the SDK with your access token.
zapehr.init({
  ZAPEHR_ACCESS_TOKEN: "<your_access_token>",
});

// Create a role that allows every FHIR action on every FHIR resource.
const role = await zapehr.project.role.create({
  name: 'Full FHIR Access',
  accessPolicy: {
    rule: [
      {
        resource: ['FHIR:*'],
        action: ['FHIR:*'],
        effect: 'Allow',
      },
    ],
  },
});
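A role like 'Full FHIR Access' grants far more than "providers" does, so it helps to check a role definition for over-broad Allow rules before creating it. The following is an added example, not part of the ZapEHR SDK or this page's original code: `auditRole` and its severity labels are hypothetical, and it assumes `*` acts as a wildcard, as the "providers" description implies.

```javascript
// Added example: lint a Role's accessPolicy for over-broad Allow rules.
// Assumption: a trailing "*" in a resource or action string is a wildcard.
const isWildcard = (s) => s.endsWith('*');
// "FHIR:*" covers every resource type; "FHIR:Encounter:*" covers one type.
const isAllTypes = (s) => /^[^:]+:\*$/.test(s);

function auditRole(role) {
  const findings = [];
  const rules = role.accessPolicy?.rule ?? [];
  rules.forEach((rule, index) => {
    if (rule.effect !== 'Allow') return; // only grants can over-grant
    const allResources = rule.resource.some(isAllTypes);
    const allActions = rule.action.some(isWildcard);
    if (allResources && allActions) {
      findings.push({ index, severity: 'high', issue: 'all actions on all resources' });
    } else if (allActions) {
      findings.push({ index, severity: 'medium', issue: 'all actions on ' + rule.resource.join(', ') });
    } else if (allResources) {
      findings.push({ index, severity: 'low', issue: rule.action.join(', ') + ' on all resources' });
    }
  });
  return findings;
}

// The two access policies shown on this page, used as sample input.
const providers = {
  name: 'providers',
  accessPolicy: {
    rule: [
      { resource: ['FHIR:*'], action: ['FHIR:Read', 'FHIR:Search'], effect: 'Allow' },
      { resource: ['FHIR:Encounter:*', 'FHIR:Observation:*'], action: ['FHIR:*'], effect: 'Allow' },
    ],
  },
};
const fullAccess = {
  name: 'Full FHIR Access',
  accessPolicy: {
    rule: [{ resource: ['FHIR:*'], action: ['FHIR:*'], effect: 'Allow' }],
  },
};

for (const role of [providers, fullAccess]) {
  console.log(role.name, JSON.stringify(auditRole(role)));
}
```

Running the check in review or CI, before `zapehr.project.role.create` is called, lets a reviewer see which rules need a justification.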
Assigning a Role
Once you have created a Role, you can assign it to Developers, Users, and M2M Clients. For example, here's how you can assign a role to an M2M Client:
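import zapehr from '@zapehr/sdk';

// Authenticate the SDK with your access token.
zapehr.init({
  ZAPEHR_ACCESS_TOKEN: "<your_access_token>",
});

// Update the M2M Client: its inline access policy is left empty and the
// role is attached by ID through the roles array.
const updatedM2m = await zapehr.project.m2m.update({
  id: '23357fe7-3362-484d-a040-a6e572d59de1',
  name: 'SuperAdminM2M',
  accessPolicy: {
    rule: [],
  },
  roles: ['3daa3a95-5aad-4e28-aabb-86a161324d5c'],
});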
In the example, 3daa3a95-5aad-4e28-aabb-86a161324d5c is the ID of the role you want to assign to the M2M Client. The Role ID is returned to you when you create the Role. You can also find Role IDs in the Developer Console, or fetch them with the API or SDK using the List and Get endpoints.