Snapshot 3: Connectathon 32 Base

This page is part of the FHIR Specification (v5.0.0-snapshot3: R5 Snapshot #3, to support Connectathon 32). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions

4.3.2.438 CodeSystem http://hl7.org/fhir/permission-rule-combining

Security icon Work Group Maturity Level: 0Trial Use Use Context: Country: World, Country: World
Official URL: http://hl7.org/fhir/permission-rule-combining Version: 5.0.0-snapshot3
active as of 2022-08-05 Computable Name: PermissionRuleCombining
Flags: CaseSensitive, Complete OID: 2.16.840.1.113883.4.642.4.2070

This Code system is used in the following value sets:


Codes identifying the rule combining. See XACML Combining algorithms http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html

This code system http://hl7.org/fhir/permission-rule-combining defines the following codes:

CodeDisplayDefinitionCopy
deny-overrides Deny-overridesThe deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision.btn btn
permit-overrides Permit-overridesThe permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision.btn btn
ordered-deny-overrides Ordered-deny-overridesThe behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.btn btn
ordered-permit-overrides Ordered-permit-overridesThe behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.btn btn
deny-unless-permit Deny-unless-permitThe “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result.btn btn
permit-unless-deny Permit-unless-denyThe “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior.btn btn

 

See the full registry of code systems defined as part of FHIR.


Explanation of the columns that may appear on this page:

LevelA few code lists that FHIR defines are hierarchical - each code is assigned a level. See Code System for further information.
SourceThe source of the definition of the code (when the value set draws in codes defined elsewhere)
CodeThe code (used as the code in the resource instance). If the code is in italics, this indicates that the code is not selectable ('Abstract')
DisplayThe display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application
DefinitionAn explanation of the meaning of the concept
CommentsAdditional notes about how to use the code