From f999a45785596138f2c331ffa7f8bec7abc34171 Mon Sep 17 00:00:00 2001
From: Svyatoslav Krivosheev
Date: Thu, 3 Oct 2024 15:32:31 +0000
Subject: [PATCH] GITBOOK-3624: No subject

---
 .../how-to-enable-hierarchical-access-control.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/modules-1/security-and-access-control/multitenancy/how-to-enable-hierarchical-access-control.md b/modules-1/security-and-access-control/multitenancy/how-to-enable-hierarchical-access-control.md
index 303abd3b..7763b0d6 100644
--- a/modules-1/security-and-access-control/multitenancy/how-to-enable-hierarchical-access-control.md
+++ b/modules-1/security-and-access-control/multitenancy/how-to-enable-hierarchical-access-control.md
@@ -227,21 +227,20 @@ GET /Organization/org-c/fhir/Patient/pt-1
 ## Configuring AccessPolicies
+To allow some user/client to interact with a organization-based resources, AccessPolicy should be configured to check organization id from the `https://aidbox.app/tenant-organization-id` extension of User/Client resource.
+This example allows org-based user (created by `PUT /Organization//fhir/User`) to see patients that are also created by OrgBAC.
 ```
-PUT /AccessPolicy/as-practitioner-allow-org-patients
+PUT /AccessPolicy/as-user-allow-org-patients
-description: A practitioner should be able to get every patient in their organization.
+description: A user should be able to get every patient in their organization.
 engine: matcho
 matcho:
 params:
 resource/type: Patient
 request-method: get
 user:
- roles:
- $contains:
- value: 'practitioner'
 meta:
 extension:
 $contains: