Release 5 Ballot

This page is part of the FHIR Specification (v5.0.0-ballot: FHIR R5 Ballot Preview). The current version, which supersedes this version, is 5.0.0. For a full list of available versions, see the Directory of published versions.

4.3.2.476 CodeSystem http://hl7.org/fhir/permission-rule-combining

Security Work Group | Maturity Level: 0 | Trial Use | Use Context: Any

This is a code system defined by the FHIR project.

Summary

Defining URL: http://hl7.org/fhir/permission-rule-combining
Version: 5.0.0-ballot
Name: PermissionRuleCombining
Title: PermissionRuleCombining
Status: draft
Definition: Codes identifying the rule combining. See XACML Combining algorithms http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html
Committee: Security Work Group
OID: 2.16.840.1.113883.4.642.4.2070 (for OID based terminology systems)
Flags: CaseSensitive, Complete

This Code system is used in the following value sets:

This code system http://hl7.org/fhir/permission-rule-combining defines the following codes:

| Code | Display | Definition |
|---|---|---|
| deny-overrides | Deny-overrides | The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision. |
| permit-overrides | Permit-overrides | The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision. |
| ordered-deny-overrides | Ordered-deny-overrides | The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission. |
| ordered-permit-overrides | Ordered-permit-overrides | The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission. |
| deny-unless-permit | Deny-unless-permit | The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. |
| permit-unless-deny | Permit-unless-deny | The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior. |
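The following Python function is an added example, not part of the FHIR specification: it resolves a list of already-evaluated rule decisions under each of the six codes, following the XACML 3.0 algorithms the definition links to, and shows which codes fail open when a rule errors or nothing matches. Assumptions: every Indeterminate is treated as XACML's most conservative case (Indeterminate{DP}), and the names `Decision`, `combine` and `compare` are illustrative.

```python
from enum import Enum

class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"
    NOT_APPLICABLE = "NotApplicable"
    INDETERMINATE = "Indeterminate"

P, D = Decision.PERMIT, Decision.DENY
NA, IND = Decision.NOT_APPLICABLE, Decision.INDETERMINATE

# code -> (decision that wins, decision that loses). The ordered-* codes
# combine identically; they only fix the order in which rules are evaluated,
# which does not matter here because the decisions are already computed.
OVERRIDES = {
    "deny-overrides": (D, P), "ordered-deny-overrides": (D, P),
    "permit-overrides": (P, D), "ordered-permit-overrides": (P, D),
}
# code -> (decision that wins if present, default for everything else).
UNLESS = {"deny-unless-permit": (P, D), "permit-unless-deny": (D, P)}

def combine(code, decisions):
    """Combine per-rule decisions under one permission-rule-combining code."""
    decisions = list(decisions)
    if code in OVERRIDES:
        winner, loser = OVERRIDES[code]
        # Assumed simplification: Indeterminate outranks the losing decision.
        for candidate in (winner, IND, loser):
            if candidate in decisions:
                return candidate
        return NA
    if code in UNLESS:
        winner, default = UNLESS[code]
        # Indeterminate and NotApplicable collapse into the default.
        return winner if winner in decisions else default
    # The code system is flagged CaseSensitive: "Deny-Overrides" is not a code.
    raise ValueError(f"unknown rule-combining code: {code!r}")

def compare(decisions):
    """Result of every code for the same rule decisions."""
    return {c: combine(c, decisions).value for c in (*OVERRIDES, *UNLESS)}

if __name__ == "__main__":
    # Constructed input: one rule failed to evaluate, one did not match.
    for code, result in compare([IND, NA]).items():
        print(f"{code:26} {result}")
```

With the constructed input, `permit-unless-deny` returns Permit and `deny-unless-permit` returns Deny, so the choice of top-level code determines whether an evaluation error grants or refuses access.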

 

See the full registry of code systems defined as part of FHIR.


Explanation of the columns that may appear on this page:

Level: A few code lists that FHIR defines are hierarchical - each code is assigned a level. See Code System for further information.
Source: The source of the definition of the code (when the value set draws in codes defined elsewhere)
Code: The code (used as the code in the resource instance). If the code is in italics, this indicates that the code is not selectable ('Abstract')
Display: The display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application
Definition: An explanation of the meaning of the concept
Comments: Additional notes about how to use the code