Security Work Group | Maturity Level: N/A | Standards Status: Informative | Compartments: No defined compartments
ShEx statement for permission
PREFIX fhir: <http://hl7.org/fhir/>
PREFIX fhirvs: <http://hl7.org/fhir/ValueSet/>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>

IMPORT <code.shex>
IMPORT <Group.shex>
IMPORT <Period.shex>
IMPORT <Coding.shex>
IMPORT <Device.shex>
IMPORT <Patient.shex>
IMPORT <CareTeam.shex>
IMPORT <dateTime.shex>
IMPORT <Resource.shex>
IMPORT <Reference.shex>
IMPORT <Identifier.shex>
IMPORT <Expression.shex>
IMPORT <Organization.shex>
IMPORT <Practitioner.shex>
IMPORT <RelatedPerson.shex>
IMPORT <DomainResource.shex>
IMPORT <BackboneElement.shex>
IMPORT <CodeableConcept.shex>
IMPORT <PractitionerRole.shex>
IMPORT <HealthcareService.shex>

start=@<Permission> AND {fhir:nodeRole [fhir:treeRoot]}

# Access Rules
<Permission> EXTENDS @<DomainResource> CLOSED {
    a [fhir:Permission]?;
    fhir:nodeRole [fhir:treeRoot]?;

    fhir:identifier @<OneOrMore_Identifier>?;  # Business Identifier for permission
    fhir:status @<code> AND
        {fhir:v @fhirvs:permission-status};  # active | entered-in-error | draft
                                             # | rejected
    fhir:asserter @<Reference> AND {fhir:link
        @<CareTeam> OR
        @<HealthcareService> OR
        @<Organization> OR
        @<Patient> OR
        @<Practitioner> OR
        @<PractitionerRole> OR
        @<RelatedPerson> ? }?;  # The person or entity that asserts
                                # the permission
    fhir:date @<OneOrMore_dateTime>?;  # The date that permission was
                                       # asserted
    fhir:validity @<Period>?;  # The period in which the permission
                               # is active
    fhir:justification @<Permission.justification>?;  # The asserted justification for
                                                      # using the data
    fhir:combining @<code> AND
        {fhir:v @fhirvs:permission-rule-combining};  # deny-overrides | permit-overrides
                                                     # | ordered-deny-overrides |
                                                     # ordered-permit-overrides |
                                                     # deny-unless-permit |
                                                     # permit-unless-deny
    fhir:rule @<OneOrMore_Permission.rule>?;  # Constraints to the Permission
}

# Constraints to the Permission
<Permission.rule> EXTENDS @<BackboneElement> CLOSED {
    fhir:type @<code> AND
        {fhir:v @fhirvs:consent-provision-type}?;  # deny | permit
    fhir:data @<OneOrMore_Permission.rule.data>?;  # The selection criteria to identify
                                                   # data that is within scope of this
                                                   # provision
    fhir:activity @<OneOrMore_Permission.rule.activity>?;  # A description or definition of
                                                           # which activities are allowed to be
                                                           # done on the data
    fhir:limit @<OneOrMore_CodeableConcept>?;  # What limits apply to the use of
                                               # the data
}

# A description or definition of which activities are allowed to be done on the data
<Permission.rule.activity> EXTENDS @<BackboneElement> CLOSED {
    fhir:actor @<OneOrMore_Reference_CareTeam_OR_Device_OR_Group_OR_Organization_OR_Patient_OR_Practitioner_OR_PractitionerRole_OR_RelatedPerson>?;  # Authorized actor(s)
    fhir:action @<OneOrMore_CodeableConcept>?;  # Actions controlled by this rule
    fhir:purpose @<OneOrMore_CodeableConcept>?;  # The purpose for which the
                                                 # permission is given
}

# The asserted justification for using the data
<Permission.justification> EXTENDS @<BackboneElement> CLOSED {
    fhir:basis @<OneOrMore_CodeableConcept>?;  # The regulatory grounds upon which
                                               # this Permission builds
    fhir:evidence @<OneOrMore_Reference_Resource>?;  # Justifying rationale
}

# The selection criteria to identify data that is within scope of this provision
<Permission.rule.data> EXTENDS @<BackboneElement> CLOSED {
    fhir:resource @<OneOrMore_Permission.rule.data.resource>?;  # Explicit FHIR Resource references
    fhir:security @<OneOrMore_Coding>?;  # Security tag code on .meta.security
    fhir:period @<Period>?;  # Timeframe encompassing data
                             # create/update
    fhir:expression @<Expression>?;  # Expression identifying the data
}

# Explicit FHIR Resource references
<Permission.rule.data.resource> EXTENDS @<BackboneElement> CLOSED {
    fhir:meaning @<code> AND
        {fhir:v @fhirvs:consent-data-meaning};  # instance | related | dependents |
                                                # authoredby
    fhir:reference @<Reference> AND {fhir:link
        @<Resource> ? };  # The actual data reference
}

#---------------------- Cardinality Types (OneOrMore) -------------------

<OneOrMore_Identifier> CLOSED {
    rdf:first @<Identifier> ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Identifier>
}

<OneOrMore_dateTime> CLOSED {
    rdf:first @<dateTime> ;
    rdf:rest [rdf:nil] OR @<OneOrMore_dateTime>
}

<OneOrMore_Permission.rule> CLOSED {
    rdf:first @<Permission.rule> ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Permission.rule>
}

<OneOrMore_Permission.rule.data> CLOSED {
    rdf:first @<Permission.rule.data> ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Permission.rule.data>
}

<OneOrMore_Permission.rule.activity> CLOSED {
    rdf:first @<Permission.rule.activity> ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Permission.rule.activity>
}

<OneOrMore_CodeableConcept> CLOSED {
    rdf:first @<CodeableConcept> ;
    rdf:rest [rdf:nil] OR @<OneOrMore_CodeableConcept>
}

<OneOrMore_Reference_CareTeam_OR_Device_OR_Group_OR_Organization_OR_Patient_OR_Practitioner_OR_PractitionerRole_OR_RelatedPerson> CLOSED {
    rdf:first @<Reference> AND {fhir:link
        @<CareTeam> OR
        @<Device> OR
        @<Group> OR
        @<Organization> OR
        @<Patient> OR
        @<Practitioner> OR
        @<PractitionerRole> OR
        @<RelatedPerson> } ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Reference_CareTeam_OR_Device_OR_Group_OR_Organization_OR_Patient_OR_Practitioner_OR_PractitionerRole_OR_RelatedPerson>
}

<OneOrMore_Reference_Resource> CLOSED {
    rdf:first @<Reference> AND {fhir:link
        @<Resource> } ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Reference_Resource>
}

<OneOrMore_Permission.rule.data.resource> CLOSED {
    rdf:first @<Permission.rule.data.resource> ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Permission.rule.data.resource>
}

<OneOrMore_Coding> CLOSED {
    rdf:first @<Coding> ;
    rdf:rest [rdf:nil] OR @<OneOrMore_Coding>
}

#---------------------- Value Sets ------------------------

# How a resource reference is interpreted when testing consent restrictions.
fhirvs:consent-data-meaning ["instance" "related" "dependents" "authoredby"]

# How a rule statement is applied, such as adding additional consent or removing consent.
fhirvs:consent-provision-type ["deny" "permit"]

# Codes identifying rule combining algorithm.
fhirvs:permission-rule-combining ["deny-overrides" "permit-overrides" "ordered-deny-overrides" "ordered-permit-overrides" "deny-unless-permit" "permit-unless-deny"]

# Codes identifying the lifecycle stage of a product.
fhirvs:permission-status ["active" "entered-in-error" "draft" "rejected"]

Usage note: every effort has been made to ensure that the ShEx files are correct and useful, but they are not a normative part of the specification.
FHIR ®© HL7.org 2011+. FHIR R6 hl7.fhir.core#6.0.0-ballot2 generated on Mon, Aug 12, 2024 16:59+0800.