GITBOOK-3623: No subject

HealthSamurai · Oct 3, 2024 · 02ce201 · 02ce201
1 parent 06c066d
commit 02ce201
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 26 deletions.
diff --git a/modules-1/security-and-access-control/multitenancy/README.md b/modules-1/security-and-access-control/multitenancy/README.md
@@ -4,11 +4,7 @@ description: This section aggregates vision and approaches on multitenancy issue
 
 # Multitenancy
 
-There are many ways you can [build multitenancy on top of Aidbox](../../../security-and-access-control-1/multitenancy/README.md). Current section is going to focus on an upcoming into Aidbox first-class multitenancy, which will provide you a guided framework to built your own multitenant application on top of Aidbox.
-
-{% hint style="info" %}
-Aidbox first-class multitenancy module and approach is in the active process of crystallising into a final solution. And you may influence on that stage, in order to the module better meet your requirements and expectations by sharing your use case with Health Samurai team.
-{% endhint %}
+There are many ways you can [build multitenancy on top of Aidbox](../../../security-and-access-control-1/multitenancy/). Current section is going to focus on an upcoming into Aidbox first-class multitenancy, which will provide you a guided framework to built your own multitenant application on top of Aidbox.
 
 ## First-class multitenancy
 

diff --git a/...ty-and-access-control/multitenancy/how-to-enable-hierarchical-access-control.md b/...ty-and-access-control/multitenancy/how-to-enable-hierarchical-access-control.md
@@ -224,3 +224,29 @@ GET /Organization/org-b/fhir/Patient/pt-1
 GET /Organization/org-c/fhir/Patient/pt-1
 ```
 {% endcode %}
+
+## Configuring AccessPolicies
+
+
+
+```
+PUT /AccessPolicy/as-practitioner-allow-org-patients
+
+description: A practitioner should be able to get every patient in their organization.
+engine: matcho
+matcho:
+  params:
+    resource/type: Patient
+  request-method: get
+  user:
+    roles:
+      $contains:
+        value: 'practitioner'
+    meta:
+      extension:
+        $contains:
+          url: https://aidbox.app/tenant-organization-id
+          value:
+            Reference:
+              id: .params.organization/id
+```
diff --git a/...d-access-control/multitenancy/organization-based-hierarchical-access-control.md b/...d-access-control/multitenancy/organization-based-hierarchical-access-control.md
@@ -23,28 +23,41 @@ To achieve such a behavior, you may consider an Aidbox feature called organizati
 Let's create the organization structure in Aidbox:
 
 ```
-PUT /
-content-type: text/yaml
-accept: text/yaml
+POST /fhir
 
-- id: org-a
-  resourceType: Organization
-  name: Organization A
-- id: org-b
-  resourceType: Organization
-  partOf: {resourceType: Organization, id: org-a}
-  name: Organization B
-- id: org-c
-  resourceType: Organization
-  partOf: {resourceType: Organization, id: org-a}
-  name: Organization C
-- id: org-d
-  resourceType: Organization
-  name: Organization D
-- id: org-e
-  resourceType: Organization
-  partOf: {resourceType: Organization, id: org-d}
-  name: Organization E
+type: batch
+entry:
+- request:
+    method: PUT
+    url: Organization/org-a
+  resource:
+    name: Organization A
+- request:
+    method: PUT
+    url: Organization/org-b
+  resource:
+    name: Organization B
+    partOf: 
+      reference: Organization/org-a
+- request:
+    method: PUT
+    url: Organization/org-c
+  resource:
+    name: Organization C
+    partOf: 
+      reference: Organization/org-a
+- request:
+    method: PUT
+    url: Organization/org-d
+  resource:
+    name: Organization D
+- request:
+    method: PUT
+    url: Organization/org-E
+  resource:
+    name: Organization E
+    partOf: 
+      reference: Organization/org-d
 ```
 
 When an Organization resource is created, a dedicated FHIR API is deployed for that organization. This API provides access to the associated FHIR resources. Nested organization FHIR resources are accessible through the parent Organization API.
@@ -63,6 +76,8 @@ The Organization-based [Aidbox API ](../../fhir-resources/aidbox-and-fhir-format
 
 <figure><img src="../../../.gitbook/assets/Screenshot 2023-06-28 at 15.42.54.png" alt=""><figcaption><p>FHIR APIs reflection in organization-based access control</p></figcaption></figure>
 
+### Try Org-BAC
+
 Let's play with new APIs.
 
 We will create a Patient resource in Org B:
@@ -82,6 +97,28 @@ Now we can read it:
 GET /Organization/org-b/fhir/Patient/pt-1
 ```
 
+Note, that patient has a  `https://aidbox.app/tenant-organization-id` extension, which references `org-b`.&#x20;
+
+```
+id: >-
+  pt-1
+meta:
+  extension:
+    - url: https://aidbox.app/tenant-organization-id
+      valueReference:
+        reference: Organization/org-b
+    - url: ex:createdAt
+      valueInstant: '2024-10-03T15:02:09.039005Z'
+  lastUpdated: '2024-10-03T15:02:09.039005Z'
+  versionId: '336'
+name:
+  - given:
+      - John
+    family: Smith
+gender: male
+resourceType: Patient
+```
+
 The resource is also accessible through Org A API:
 
 ```