/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Grants participants of the system base type ALL operations (not just READ)
* on everything under org.hyperledger.composer.system, recursively ("**"),
* with no condition clause.
* NOTE(review): presumably every org.ehr.basic participant extends this base
* type and therefore inherits full access to system resources. Confirm that
* this breadth is intended, or narrow the operation/resource.
*/
rule SystemACL {
description: "System ACL to permit all access"
participant: "org.hyperledger.composer.system.Participant"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
/**
* Gives NetworkAdmin unconditional ALL on "**", which covers every
* org.ehr.basic health record as well as the rest of the network.
* NOTE(review): the admin identity is therefore a full read/write path to
* patient data. Confirm who holds it and that its use is audited.
*/
rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}
/**
* Gives NetworkAdmin unconditional ALL on the system namespace, recursively.
* NOTE(review): this looks already covered by the "**" pattern in
* NetworkAdminUser. Confirm before removing either rule.
*/
rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
/**
* Sample access control list.
*/
/**
* Lets any Doctor READ any Prescription. There is no condition clause, so
* the grant is per type, not per record.
* NOTE(review): if a doctor should only see prescriptions of their own
* patients, a condition tying the participant to the resource is needed.
* The model fields that would require are not visible in this file.
*/
rule DocPrescR{
description: "Doctor allowed to read"
participant: "org.ehr.basic.Doctor"
operation: READ
resource: "org.ehr.basic.Prescription"
action: ALLOW
}
/**
* Lets any PathLab READ any Prescription, with no condition clause.
* NOTE(review): every lab can read every patient's prescriptions. Confirm
* whether access should be limited to prescriptions referred to that lab.
*/
rule PthPrescR{
description: "PathLab allowed to read"
participant: "org.ehr.basic.PathLab"
operation: READ
resource: "org.ehr.basic.Prescription"
action: ALLOW
}
/**
* Lets any Patient READ every resource matched by "org.ehr.basic.*", with no
* condition clause. This is the broadest non-admin grant in the file.
* NOTE(review): as written, one patient can read other patients' records
* (Prescription, MedPresc, Appointment, Receipt, Insurance). The description
* says "all assets", but the wildcard presumably also matches non-asset
* types declared in the namespace; verify against the model. An ownership
* condition is needed if patients should only see their own data.
*/
rule PatR{
description: "Patient allowed to read all assets"
participant: "org.ehr.basic.Patient"
operation: READ
resource: "org.ehr.basic.*"
action: ALLOW
}
/**
* Lets any Doctor CREATE Prescription resources, with no condition clause.
* The "Only" in the description is not enforced by this rule. It holds
* only because no other ALLOW rule covers CREATE on Prescription, and
* NetworkAdmin can still create through its ALL-on-"**" rule.
*/
rule DocPrescC{
description: "Only Doctor is allowed to create"
participant: "org.ehr.basic.Doctor"
operation: CREATE
resource: "org.ehr.basic.Prescription"
action: ALLOW
}
/**
* Lets any Doctor CREATE MedPresc resources, with no condition clause.
* Exclusivity ("Only") comes from the absence of another ALLOW rule for
* CREATE on MedPresc, not from this rule. NetworkAdmin is also allowed
* through its ALL-on-"**" rule.
*/
rule DocMedprescC{
description: "Only Doctors is allowed to create"
participant: "org.ehr.basic.Doctor"
operation: CREATE
resource: "org.ehr.basic.MedPresc"
action: ALLOW
}
/**
* Lets any Doctor CREATE Appointment resources, with no condition clause.
* No rule visible here lets a Patient create an Appointment. Patients can
* only read them, through the namespace-wide PatR rule.
*/
rule DocAppointmentC{
description: "Only Doctor is allowed to create"
participant: "org.ehr.basic.Doctor"
operation: CREATE
resource: "org.ehr.basic.Appointment"
action: ALLOW
}
/**
* Lets any Chemist CREATE Receipt resources, with no condition clause.
* NOTE(review): the description says "Only Chemist", but PthRecieptC grants
* the same operation on Receipt to PathLab, so the description overstates
* the restriction. (The rule name spells "Reciept"; the resource is Receipt.)
*/
rule ChmRecieptC{
description: "Only Chemist is allowed to create"
participant: "org.ehr.basic.Chemist"
operation: CREATE
resource: "org.ehr.basic.Receipt"
action: ALLOW
}
/**
* Lets any PathLab CREATE Receipt resources, with no condition clause.
* NOTE(review): the description says "Only PathLab", but ChmRecieptC grants
* the same operation on Receipt to Chemist. Read the two rules together
* when reasoning about who can issue receipts.
*/
rule PthRecieptC{
description: "Only PathLab is allowed to create"
participant: "org.ehr.basic.PathLab"
operation: CREATE
resource: "org.ehr.basic.Receipt"
action: ALLOW
}
/**
* Lets any Doctor READ any MedPresc, with no condition clause.
* NOTE(review): "Only Doctor" is inaccurate. ChmMedprescR also allows
* Chemist, and PatR allows Patient through the "org.ehr.basic.*" wildcard.
*/
rule DocMedprescR{
description: "Only Doctor is allowed to read"
participant: "org.ehr.basic.Doctor"
operation: READ
resource: "org.ehr.basic.MedPresc"
action: ALLOW
}
/**
* Lets any Chemist READ any MedPresc, with no condition clause.
* NOTE(review): "Only Chemist" is inaccurate. DocMedprescR also allows
* Doctor, and PatR allows Patient. Every chemist can read every patient's
* medication prescriptions. Confirm whether that is the intended scope.
*/
rule ChmMedprescR{
description: "Only Chemist is allowed to read"
participant: "org.ehr.basic.Chemist"
operation: READ
resource: "org.ehr.basic.MedPresc"
action: ALLOW
}
/**
* Lets any Doctor READ any Appointment, with no condition clause, so a
* doctor can see appointments made with other doctors.
* NOTE(review): "Only Doctor" is inaccurate. Patient can also read
* Appointment through the namespace-wide PatR rule.
*/
rule DocAppointmentR{
description: "Only Doctor is allowed to read"
participant: "org.ehr.basic.Doctor"
operation: READ
resource: "org.ehr.basic.Appointment"
action: ALLOW
}
/**
* Lets any Chemist READ any Receipt, with no condition clause. That
* includes receipts created by PathLab participants and by other chemists.
* NOTE(review): "Only Chemist" is inaccurate. PthRecieptR allows PathLab
* and PatR allows Patient.
*/
rule ChmRecieptR{
description: "Only Chemist is allowed to read"
participant: "org.ehr.basic.Chemist"
operation: READ
resource: "org.ehr.basic.Receipt"
action: ALLOW
}
/**
* Lets any PathLab READ any Receipt, with no condition clause. That
* includes receipts created by Chemist participants and by other labs.
* NOTE(review): "Only PathLab" is inaccurate. ChmRecieptR allows Chemist
* and PatR allows Patient.
*/
rule PthRecieptR{
description: "Only PathLab is allowed to read"
participant: "org.ehr.basic.PathLab"
operation: READ
resource: "org.ehr.basic.Receipt"
action: ALLOW
}
/**
* Lets any Patient READ any Insurance resource, with no condition clause.
* NOTE(review): this looks redundant, because PatR already grants Patient
* READ on "org.ehr.basic.*". Like PatR, it does not restrict a patient to
* their own Insurance record. No CREATE or UPDATE rule for Insurance is
* visible in this file, so only NetworkAdmin appears able to write it.
*/
rule PatClaimR {
description: "Only Patient is allowed to read"
participant: "org.ehr.basic.Patient"
operation: READ
resource: "org.ehr.basic.Insurance"
action: ALLOW
}
/**
* Lets any Doctor UPDATE any Prescription, with no condition clause.
* NOTE(review): a doctor can modify prescriptions written by another
* doctor. If only the authoring doctor should edit, a condition is needed.
* No DELETE rule for org.ehr.basic types is visible in this file.
*/
rule DocPrescU{
description: "Doctor allowed to update"
participant: "org.ehr.basic.Doctor"
operation: UPDATE
resource: "org.ehr.basic.Prescription"
action: ALLOW
}
/**
* Lets any Doctor UPDATE any MedPresc, with no condition clause.
* NOTE(review): the grant is per type, so any doctor can change any
* patient's medication prescription. Confirm whether updates should be
* limited to the doctor who issued it.
*/
rule DocMedprescU{
description: "Only Doctors is allowed to update"
participant: "org.ehr.basic.Doctor"
operation: UPDATE
resource: "org.ehr.basic.MedPresc"
action: ALLOW
}
/**
* Lets any Doctor UPDATE any Appointment, with no condition clause.
* NOTE(review): the grant is per type, so a doctor can alter appointments
* belonging to other doctors. Patients have no UPDATE rule for Appointment
* in the rules visible here.
*/
rule DocAppointmentU{
description: "Only Doctor is allowed to update"
participant: "org.ehr.basic.Doctor"
operation: UPDATE
resource: "org.ehr.basic.Appointment"
action: ALLOW
}