FHIR Cross-Version Extensions package for FHIR R4 from FHIR R5
0.0.1-snapshot-2 - informative International flag

FHIR Cross-Version Extensions package for FHIR R4 from FHIR R5 - Version 0.0.1-snapshot-2. See the Directory of published versions

CodeSystem: Permission Rule Combining

Official URL: http://hl7.org/fhir/permission-rule-combining Version: 5.0.0
Standards status: Informative Maturity Level: 0 Responsible: Security Computable Name: PermissionRuleCombining

Codes identifying the rule combining. See XACML Combining algorithms http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html

This Code system is referenced in the content logical definition of the following value sets:

This case-sensitive code system http://hl7.org/fhir/permission-rule-combining defines the following codes:

CodeDisplayDefinition
deny-overrides Deny-overrides The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision.
permit-overrides Permit-overrides The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision.
ordered-deny-overrides Ordered-deny-overrides The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.
ordered-permit-overrides Ordered-permit-overrides The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.
deny-unless-permit Deny-unless-permit The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result.
permit-unless-deny Permit-unless-deny The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior.