Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] How to configure fine-grained authentication and authorization? #1394

Closed
medlab001 opened this issue Oct 26, 2020 · 3 comments
Closed

[Question] How to configure fine-grained authentication and authorization? #1394

medlab001 opened this issue Oct 26, 2020 · 3 comments
Assignees
@CaitlinV39
Labels
Area-Authorization Area related to authorization. Epic Describes something that would be an Epic with many features and user stories Informational The issue will stay open as an FYI issue for now but does not require action Question Issue is a question?

Comments

@medlab001
Copy link

I've set up the PaaS FHIR server on Azure and integrated B2C for user account registration and logins. My app includes self-help portals for patients and portals for Physicians. This means that only physicians that are assigned to patients (with say, an admin account), can read that patient's data. How do I accomplish this?

I tried to setup an API Gateway and inspect URL and body parameters to check Physician and Patient mapping, and conditionally forward requests, but this isn't scaling well. What alternatives do I have? How do I enable this fine grained access controls to each resource on the FHIR server?

Thanks!
@medlab001 medlab001 added the Question Issue is a question? label Oct 26, 2020
@CaitlinV39 CaitlinV39 self-assigned this Feb 2, 2021
@CaitlinV39 CaitlinV39 added Informational The issue will stay open as an FYI issue for now but does not require action Epic Describes something that would be an Epic with many features and user stories Area-Authorization Area related to authorization. labels Aug 13, 2021
@CaitlinV39
Copy link
Contributor

@medlab001 - I realize this question is really old, but right now we don't support this on the FHIR server directly. We recommend using the FHIR proxy available here: https://aka.ms/fhirproxy

@EXPEkesheth
Copy link
Collaborator

@medlab001 - Azure B2C integration is supported with FHIR service, please refer to the documentation for more details.
Note this support is available only on Azure Health Data Services.

Fine grained access control, can we achieved using SMART support in AHDS. Please refer to documentation for more details .

@EXPEkesheth
Copy link
Collaborator

@medlab001 closing the issue as B2C support is available in FHIR service

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CaitlinV39 CaitlinV39

Labels
Area-Authorization Area related to authorization. Epic Describes something that would be an Epic with many features and user stories Informational The issue will stay open as an FYI issue for now but does not require action Question Issue is a question?
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@EXPEkesheth @CaitlinV39 @medlab001