GITBOOK-3715: No subject

SUMMARY.md

@@ -317,18 +317,18 @@
     * [Authentication Tutorial](modules/security-and-access-control/readme-1-1/basic-auth-tutorial.md)
     * [Creating user & set up full user access](modules/security-and-access-control/readme-1-1/creating-user-and-set-up-full-user-access.md)
     * [Restricting Access to Patient Data](modules/security-and-access-control/readme-1-1/restricting-access-to-patient-data.md)
+    * [Create and test access control](modules/security-and-access-control/readme-1-1/access-policy.md)
+    * [RBAC](modules/security-and-access-control/readme-1-1/rbac/README.md)
+      * [Flexible RBAC built-in to Aidbox](modules/security-and-access-control/readme-1-1/rbac/role-based-access-policies.md)
+      * [RBAC with JWT containing role](modules/security-and-access-control/readme-1-1/rbac/role-based-access-control-with-jwt-containing-role.md)
+      * [RBAC with ACL](modules/security-and-access-control/readme-1-1/rbac/role-based-access-control-with-acl.md)
+    * [Set-up token introspection](modules/security-and-access-control/readme-1-1/token-introspection.md)
+    * [Prohibit user to login](modules/security-and-access-control/readme-1-1/configuration-options.md)
+    * [Debug access control](modules/security-and-access-control/readme-1-1/debug.md)
   * [How-to guides](modules/security-and-access-control/how-to-guides/README.md)
-    * [Create and test access control](modules/security-and-access-control/how-to-guides/access-policy.md)
-    * [RBAC](modules/security-and-access-control/how-to-guides/rbac/README.md)
-      * [Flexible RBAC built-in to Aidbox](modules/security-and-access-control/how-to-guides/rbac/role-based-access-policies.md)
-      * [RBAC with JWT containing role](modules/security-and-access-control/how-to-guides/rbac/role-based-access-control-with-jwt-containing-role.md)
-      * [RBAC with ACL](modules/security-and-access-control/how-to-guides/rbac/role-based-access-control-with-acl.md)
     * [SMART on FHIR](modules/security-and-access-control/how-to-guides/smart-on-fhir/README.md)
       * [Set up SMART on FHIR in Aidbox](modules/security-and-access-control/how-to-guides/smart-on-fhir/smart-on-fhir-app-launch.md)
       * [Get a SMART App launched](modules/security-and-access-control/how-to-guides/smart-on-fhir/smart-of-fhir.md)
-    * [Set-up token introspection](modules/security-and-access-control/how-to-guides/token-introspection.md)
-    * [Prohibit user to login](modules/security-and-access-control/how-to-guides/configuration-options.md)
-    * [Debug access control](modules/security-and-access-control/how-to-guides/debug.md)
   * [Technical reference](modules/security-and-access-control/readme-1/README.md)
     * [User, Session, Client resources](modules/security-and-access-control/readme-1/overview.md)
     * [Tokens processing](modules/security-and-access-control/readme-1/tokens-processing.md)

modules/security-and-access-control/how-to-guides/smart-on-fhir/README.md

@@ -1,2 +1,6 @@
+---
+hidden: true
+---
+
 # SMART on FHIR
 

modules/security-and-access-control/readme-1-1/relationship-based-access-control-in-aidbox.md

@@ -25,7 +25,7 @@ Our security policy says:
 
 > _User has access to all studies they collaborate on and to all patient records within those studies._
 
-Authorization model that best suits our task is [relationship-based access control](https://en.wikipedia.org/wiki/Relationship-based\_access\_control) (ReBAC). It states that _'subject's permission to access a resource is defined by the presence of relationships between those subjects and resources'_.
+Authorization model that best suits our task is [relationship-based access control](https://en.wikipedia.org/wiki/Relationship-based_access_control) (ReBAC). It states that _'subject's permission to access a resource is defined by the presence of relationships between those subjects and resources'_.
 
 We will focus only on read access, expecting that all data is uploaded. We will upload prepared sample data later on implementation section.
 
@@ -489,7 +489,7 @@ And we met this requirement using ReBAC authorization model. In order to achieve
 
 ### What's next
 
-Writing access policies may be tricky some time, Aidbox has tooling to [debug AccessPolicy](../how-to-guides/debug.md).
+Writing access policies may be tricky some time, Aidbox has tooling to [debug AccessPolicy](debug.md).
 
 ## Talk to a Health Samurai Engineer
 

modules/security-and-access-control/readme-1-1/restrict-resource-operations.md

@@ -104,4 +104,4 @@ Aidbox router stores data in the request object:
 
 Access policy engine evaluates request object. And here it checks that `operation.id` property contains either `Read` or `FhirRead` string.
 
-You can inspect request object [using `__debug` query parameter](../how-to-guides/debug.md#\_\_debug-query-string-parameter).
+You can inspect request object [using `__debug` query parameter](debug.md#__debug-query-string-parameter).

modules/security-and-access-control/security/simple-role-based-access-control.md

@@ -12,8 +12,8 @@ Each `Role` resource assigns a role to a `User.` `AccessPolicy` resource has an
 
 ## Guide: flexible RBAC
 
-{% content-ref url="../how-to-guides/rbac/role-based-access-policies.md" %}
-[role-based-access-policies.md](../how-to-guides/rbac/role-based-access-policies.md)
+{% content-ref url="../readme-1-1/rbac/role-based-access-policies.md" %}
+[role-based-access-policies.md](../readme-1-1/rbac/role-based-access-policies.md)
 {% endcontent-ref %}
 
 ## Create a patient
@@ -100,4 +100,4 @@ Aidbox router stores data in the request object:
 
 Access policy engine evaluates request object. And here it checks that `user.roles[].value` property contains `practitioner` string.
 
-You can inspect request object [using `__debug` query parameter](../how-to-guides/debug.md#\_\_debug-query-string-parameter).
+You can inspect request object [using `__debug` query parameter](../readme-1-1/debug.md#__debug-query-string-parameter).

modules/security-and-access-control/smart-on-fhir/smart-scopes-for-limiting-access.md

@@ -27,7 +27,7 @@ To enable scope checking in the Access Control layer, the JWT access token must
 
  \* - required claim
 
-For scope checking, Aidbox accepts any valid JWT tokens issued by [external servers](../how-to-guides/token-introspection.md) if they contain the specified scopes and Aidbox can issue its own JWT tokens with all the required claims.
+For scope checking, Aidbox accepts any valid JWT tokens issued by [external servers](../readme-1-1/token-introspection.md) if they contain the specified scopes and Aidbox can issue its own JWT tokens with all the required claims.
 
 ### Example