...
- ABAC doesn't provide possibility to manage access to lists of resources - May be implemented in future
- It means that if there is a business rule that '/api/patients/{patient_id}/conditions/' should return only conditions that are referenced to episodes of the legal_entity. This rule will not be implemented on ABAC.
Architecture
Data model - TBD
https://docs.google.com/spreadsheets/d/1A59VIXzxJGLxdd6XH2siPQqOcgVfkGy-1mpR7_4vK4Y/edit#gid=0
...