...
...
...
...
...
...
...
...
...
Description
Service to manage time-limited access to users' resources.
All approvals are stored centrally. Unfortunately, we cannot use JWT because of the patient use cases.
Approvals are used by the ABAC service as a data source for making rule-based decisions.
Approvals are persistently stored in the medical events MongoDB.
There should be no MPI_id in the DB, only the mpi-hash.
...
Name | Type | M/O | Description and constraints |
---|---|---|---|
id | string | m | id of approval |
patient_id | string | m | mpi_id hash |
granted_resources | Reference | m | list of resources that are allowed by approval |
granted_to | Reference | m | type and identifier of entity to whom access has been granted (employee or legal_entity) |
expires_at | timestamp | m | expiration date-time timestamp |
granted_by | Reference | m | type and identifier of entity who has granted access. It can be MPI_id, duarantee or MOZ/NSZU in future. |
reason | Reference | o | type and identifier of entity based on which approval has been created |
status | string | m | new, active |
access_level | string | m | only `read` is supported |
urgent | Object | m | authentication_type and phone number |
inserted_at | datetime | m | |
inserted_by | guid | m | |
updated_at | datetime | m | |
updated_by | guid | m | |
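
The check below is an added example, not code from this service: it shows how a consumer such as the ABAC service could evaluate a single approval using the fields in the table. The `type`/`identifier` key names for Reference values, the rule that only `active` approvals grant access, and all sample values are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Fields marked "m" (mandatory) in the table above.
MANDATORY = ("id", "patient_id", "granted_resources", "granted_to", "expires_at",
             "granted_by", "status", "access_level", "urgent",
             "inserted_at", "inserted_by", "updated_at", "updated_by")

def schema_errors(approval):
    """List the ways an approval document violates the table's constraints."""
    errors = [f"missing mandatory field: {name}" for name in MANDATORY
              if name not in approval]
    if approval.get("status") not in ("new", "active"):
        errors.append("status must be 'new' or 'active'")
    if approval.get("access_level") != "read":
        errors.append("only access_level 'read' is supported")
    return errors

def is_access_allowed(approval, requester, resource, action, now):
    """Deny by default: every condition must hold for access to be granted."""
    if schema_errors(approval):
        return False  # malformed approvals never grant access
    return (approval["status"] == "active"  # assumption: 'new' grants nothing yet
            and action == approval["access_level"]
            and now < approval["expires_at"]  # access is time-limited
            and requester == approval["granted_to"]
            and resource in approval["granted_resources"])

# Constructed sample data; Reference key names and all values are assumptions.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
EMPLOYEE = {"type": "employee", "identifier": "emp-1"}
EPISODE = {"type": "episode_of_care", "identifier": "ep-1"}
SAMPLE = {
    "id": "approval-1",
    "patient_id": "constructed-mpi-hash",  # hash only, never the raw MPI_id
    "granted_resources": [EPISODE],
    "granted_to": EMPLOYEE,
    "expires_at": NOW + timedelta(hours=1),
    "granted_by": {"type": "patient", "identifier": "constructed-mpi-hash"},
    "status": "active",
    "access_level": "read",
    "urgent": {"authentication_type": "OTP", "phone_number": "+380000000000"},
    "inserted_at": NOW, "inserted_by": "guid-1",
    "updated_at": NOW, "updated_by": "guid-1",
}

if __name__ == "__main__":
    print(is_access_allowed(SAMPLE, EMPLOYEE, EPISODE, "read", NOW))
    print(is_access_allowed(SAMPLE, EMPLOYEE, EPISODE, "read", NOW + timedelta(hours=2)))
```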
...