Release 5 Ballot

This page is part of the FHIR Specification (v5.0.0-ballot: FHIR R5 Ballot Preview). The current version, which supersedes this version, is 5.0.0. For a full list of available versions, see the Directory of published versions.

4.4.1.673 ValueSet http://hl7.org/fhir/ValueSet/permission-rule-combining

Security Work Group
Maturity Level: 0
Trial Use
Use Context: Not yet ready for Production use

This is a value set defined by the FHIR project.

Summary

Defining URL: http://hl7.org/fhir/ValueSet/permission-rule-combining
Version: 5.0.0-ballot
Name: PermissionRuleCombining
Title: PermissionRuleCombining
Status: draft
Definition: Codes identifying rule combining algorithm.
Committee: Security Work Group
OID: 2.16.840.1.113883.4.642.3.3231 (for OID based terminology systems)
Flags: Experimental, Immutable

This value set is used in the following places:


 

This expansion generated 07 Sep 2022


This value set contains 6 concepts

Expansion based on PermissionRuleCombining v5.0.0-ballot (CodeSystem)

Code: deny-overrides
System: http://hl7.org/fhir/permission-rule-combining
Display: Deny-overrides
Definition: The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision.

Code: permit-overrides
System: http://hl7.org/fhir/permission-rule-combining
Display: Permit-overrides
Definition: The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision.

Code: ordered-deny-overrides
System: http://hl7.org/fhir/permission-rule-combining
Display: Ordered-deny-overrides
Definition: The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.

Code: ordered-permit-overrides
System: http://hl7.org/fhir/permission-rule-combining
Display: Ordered-permit-overrides
Definition: The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.

Code: deny-unless-permit
System: http://hl7.org/fhir/permission-rule-combining
Display: Deny-unless-permit
Definition: The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result.

Code: permit-unless-deny
System: http://hl7.org/fhir/permission-rule-combining
Display: Permit-unless-deny
Definition: The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior.

 

See the full registry of value sets defined as part of FHIR.
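The following Python sketch is an added example, not part of the FHIR specification: it models the six codes in the expansion above over a list of per-rule decisions so their outcomes can be compared on the same inputs. The decision names come from the definitions above; how the two overrides algorithms rank “Indeterminate” is an assumption made here, as are all function and variable names. Because the decisions are passed in already evaluated and in listed order, the ordered variants produce the same result as their unordered counterparts in this model.

```python
# Added example: simplified model of the six permission-rule-combining codes.
PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"
VALID = {PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE}

def _overrides(decisions, winner, loser):
    if winner in decisions:
        return winner
    # Assumption (not stated on the page): a rule that failed to evaluate
    # outranks the losing decision, so an error is never silently dropped.
    if INDETERMINATE in decisions:
        return INDETERMINATE
    return loser if loser in decisions else NOT_APPLICABLE

def combine(code, decisions):
    """Combine per-rule decisions, passed in the order listed in the permission."""
    decisions = list(decisions)
    if not set(decisions) <= VALID:
        raise ValueError(f"unknown rule decision in {decisions!r}")
    if code in ("deny-overrides", "ordered-deny-overrides"):
        return _overrides(decisions, DENY, PERMIT)
    if code in ("permit-overrides", "ordered-permit-overrides"):
        return _overrides(decisions, PERMIT, DENY)
    if code == "deny-unless-permit":   # fail closed: anything but a Permit is Deny
        return PERMIT if PERMIT in decisions else DENY
    if code == "permit-unless-deny":   # fail open: anything but a Deny is Permit
        return DENY if DENY in decisions else PERMIT
    raise ValueError(f"unknown combining code: {code!r}")

# Constructed sample rule outcomes (not taken from the specification).
CASES = {
    "conflict": [PERMIT, DENY],
    "no rule matched": [NOT_APPLICABLE, NOT_APPLICABLE],
    "evaluation error": [INDETERMINATE],
    "no rules": [],
}
CODES = ("deny-overrides", "permit-overrides",
         "deny-unless-permit", "permit-unless-deny")

def decision_table():
    """Map (code, case name) to the combined decision for every sample case."""
    return {(c, n): combine(c, d) for c in CODES for n, d in CASES.items()}

if __name__ == "__main__":
    for (code, case), result in decision_table().items():
        print(f"{code:20} {case:17} -> {result}")
```

In this model only the two “unless” codes always return “Permit” or “Deny”; permit-unless-deny returns “Permit” when a rule errors or no rule applies, which is worth checking before choosing it as the top-level combiner.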


Explanation of the columns that may appear on this page:

Lvl: A few code lists that FHIR defines are hierarchical - each code is assigned a level. For value sets, levels are mostly used to organize codes for user convenience, but may follow code system hierarchy - see Code System for further information.
Source: The source of the definition of the code (when the value set draws in codes defined elsewhere).
Code: The code (used as the code in the resource instance). If the code is in italics, this indicates that the code is not selectable ('Abstract').
Display: The display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application.
Definition: An explanation of the meaning of the concept.
Comments: Additional notes about how to use the code.