R6 Ballot (2nd Draft)

Publish-box (todo)

4.3.2.419 CodeSystem http://hl7.org/fhir/permission-rule-combining

Security icon Work Group  Maturity Level: 0 Trial Use Use Context: Country: World
Official URL: http://hl7.org/fhir/permission-rule-combining Version: 6.0.0-ballot2
active as of 2022-08-05 Computable Name: PermissionRuleCombining
Flags: CaseSensitive, Complete OID: 2.16.840.1.113883.4.642.4.2070

This Code system is used in the following value sets:


Codes identifying the rule combining. See XACML Combining algorithms http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html

Generated Narrative: CodeSystem permission-rule-combining

Last updated: 2024-08-12T19:52:12.437+11:00

Profile: Shareable CodeSystem

This case-sensitive code system http://hl7.org/fhir/permission-rule-combining defines the following codes:

CodeDisplayDefinitionCopy
deny-overrides Deny-overrides The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision. btn btn
permit-overrides Permit-overrides The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision. btn btn
ordered-deny-overrides Ordered-deny-overrides The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission. btn btn
ordered-permit-overrides Ordered-permit-overrides The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission. btn btn
deny-unless-permit Deny-unless-permit The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. btn btn
permit-unless-deny Permit-unless-deny The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior. btn btn

 

See the full registry of code systems defined as part of FHIR.


Explanation of the columns that may appear on this page:

Level A few code lists that FHIR defines are hierarchical - each code is assigned a level. See Code System for further information.
Source The source of the definition of the code (when the value set draws in codes defined elsewhere)
Code The code (used as the code in the resource instance). If the code is in italics, this indicates that the code is not selectable ('Abstract')
Display The display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application
Definition An explanation of the meaning of the concept
Comments Additional notes about how to use the code