FHIR Cross-Version Extensions package for FHIR R4 from FHIR R5
0.0.1-snapshot-2 - informative
FHIR Cross-Version Extensions package for FHIR R4 from FHIR R5
0.0.1-snapshot-2 - informative
FHIR Cross-Version Extensions package for FHIR R4 from FHIR R5 - Version 0.0.1-snapshot-2. See the Directory of published versions
| Page standards status: Informative | Maturity Level: 0 |
{
"resourceType" : "CodeSystem",
"id" : "permission-rule-combining",
"text" : {
"status" : "generated",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n <p>This code system \n <code>http://hl7.org/fhir/permission-rule-combining</code> defines the following codes:\n </p>\n <table class=\"codes\">\n <tr>\n <td style=\"white-space:nowrap\">\n <b>Code</b>\n </td>\n <td>\n <b>Display</b>\n </td>\n <td>\n <b>Definition</b>\n </td>\n </tr>\n <tr>\n <td style=\"white-space:nowrap\">deny-overrides\n <a name=\"permission-rule-combining-deny-overrides\"> </a>\n </td>\n <td>Deny-overrides</td>\n <td>The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision.</td>\n </tr>\n <tr>\n <td style=\"white-space:nowrap\">permit-overrides\n <a name=\"permission-rule-combining-permit-overrides\"> </a>\n </td>\n <td>Permit-overrides</td>\n <td>The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision.</td>\n </tr>\n <tr>\n <td style=\"white-space:nowrap\">ordered-deny-overrides\n <a name=\"permission-rule-combining-ordered-deny-overrides\"> </a>\n </td>\n <td>Ordered-deny-overrides</td>\n <td>The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.</td>\n </tr>\n <tr>\n <td style=\"white-space:nowrap\">ordered-permit-overrides\n <a name=\"permission-rule-combining-ordered-permit-overrides\"> </a>\n </td>\n <td>Ordered-permit-overrides</td>\n <td>The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission.</td>\n </tr>\n <tr>\n <td style=\"white-space:nowrap\">deny-unless-permit\n <a name=\"permission-rule-combining-deny-unless-permit\"> </a>\n </td>\n <td>Deny-unless-permit</td>\n <td>The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result.</td>\n </tr>\n <tr>\n <td style=\"white-space:nowrap\">permit-unless-deny\n <a name=\"permission-rule-combining-permit-unless-deny\"> </a>\n </td>\n <td>Permit-unless-deny</td>\n <td>The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior.</td>\n </tr>\n </table>\n </div>"
},
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status",
"valueCode" : "informative"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm",
"valueInteger" : 0
},
{
"extension" : [
{
"url" : "packageId",
"valueId" : "hl7.fhir.uv.xver-r5.r4"
},
{
"url" : "version",
"valueString" : "0.0.1-snapshot-2"
}
],
"url" : "http://hl7.org/fhir/StructureDefinition/package-source"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
"valueCode" : "sec"
}
],
"url" : "http://hl7.org/fhir/permission-rule-combining",
"version" : "5.0.0",
"name" : "PermissionRuleCombining",
"title" : "Permission Rule Combining",
"status" : "active",
"experimental" : false,
"date" : "2022-08-05T09:01:24+10:00",
"publisher" : "Security",
"contact" : [
{
"name" : "Security",
"telecom" : [
{
"system" : "url",
"value" : "http://www.hl7.org/Special/committees/secure"
}
]
}
],
"description" : "Codes identifying the rule combining. See XACML Combining algorithms http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html",
"jurisdiction" : [
{
"coding" : [
{
"system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
"code" : "001",
"display" : "World"
}
]
}
],
"caseSensitive" : true,
"content" : "complete",
"concept" : [
{
"code" : "deny-overrides",
"display" : "Deny-overrides",
"definition" : "The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision."
},
{
"code" : "permit-overrides",
"display" : "Permit-overrides",
"definition" : "The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision."
},
{
"code" : "ordered-deny-overrides",
"display" : "Ordered-deny-overrides",
"definition" : "The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission."
},
{
"code" : "ordered-permit-overrides",
"display" : "Ordered-permit-overrides",
"definition" : "The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception. The order in which the collection of rules is evaluated SHALL match the order as listed in the permission."
},
{
"code" : "deny-unless-permit",
"display" : "Deny-unless-permit",
"definition" : "The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result."
},
{
"code" : "permit-unless-deny",
"display" : "Permit-unless-deny",
"definition" : "The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior."
}
]
}
IG © 2025+ FHIR Infrastructure. Package hl7.fhir.uv.xver-r5.r4#0.0.1-snapshot-2 based on FHIR 4.0.1. Generated 2025-09-13
Links: Table of Contents |
QA Report
| Version History |
|
History